  • DocumentCode
    3093103
  • Title

    MAPMon: A Host-Based Malware Detection Tool

  • Author

    Dai, Shih-Yao ; Kuo, Sy-Yen

  • Author_Institution
    Nat. Taiwan Univ., Taipei
  • fYear
    2007
  • fDate
    17-19 Dec. 2007
  • Firstpage
    349
  • Lastpage
    356
  • Abstract
    In order for financially motivated malware programs such as spyware, viruses and worms to survive after a system reboot, they have to modify entries in auto start extensibility points (ASEPs), system calls or system files on a compromised system. We call these system resources, which a malware program could attack once it intrudes on a host, malware attacking points (MAPs). Based on this observation, we design and implement MAPMon, a monitoring mechanism to detect any suspicious change to malware attacking points. This paper describes the design and implementation tradeoffs of the MAPMon tool. The effectiveness of the MAPMon tool for malware detection is evaluated using real-world malware programs, including those that do not have signatures.
  • Keywords
    computer viruses; system monitoring; MAPMon; auto start extensibility points; financial-motivated malware programs; host-based malware detection tool; malware attacking points; monitoring mechanism; spyware; system calls; system files; virus; worm; Application software; Computer viruses; Computer worms; Encoding; Intrusion detection; Invasive software; Monitoring; Software design; Software tools; Splicing;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Dependable Computing, 2007. PRDC 2007. 13th Pacific Rim International Symposium on
  • Conference_Location
    Melbourne, Qld.
  • Print_ISBN
    0-7695-3054-0
  • Type

    conf

  • DOI
    10.1109/PRDC.2007.23
  • Filename
    4459682