Virus Detection Method based on Behavior Resource Tree


Mengsong Zou, Lansheng Han, Ming Liu, Qiwen Liu, Journal of Information Processing Systems Vol. 7, No. 1, pp. 173-186, Mar. 2011  

DOI: 10.3745/JIPS.2011.7.1.173
Keywords: computer virus, Behavior-Based Detection, Dynamic Link Library, Behavior Resource Tree

Abstract

Due to the disadvantages of signature-based computer virus detection techniques, behavior-based detection methods have developed rapidly in recent years. However, currently popular behavior-based detection methods take only API call sequences as program behavior features, and the differences between API calls are not taken into consideration in detection. This paper divides virus behaviors into separate function modules by introducing DLLs into detection. APIs in different modules have different importance. DLLs and APIs are both considered program calling resources. Based on the calling relationships between DLLs and APIs, program calling resources can be pictured as a tree, named the program behavior resource tree. Important block structures are selected from the tree as program behavior features. Finally, a virus detection model based on the behavior resource tree is proposed and verified by experiment, which provides a helpful reference for virus detection.


Cite this article
[APA Style]
Zou, M., Han, L., Liu, M., & Liu, Q. (2011). Virus Detection Method based on Behavior Resource Tree. Journal of Information Processing Systems, 7(1), 173-186. DOI: 10.3745/JIPS.2011.7.1.173.

[IEEE Style]
M. Zou, L. Han, M. Liu, Q. Liu, "Virus Detection Method based on Behavior Resource Tree," Journal of Information Processing Systems, vol. 7, no. 1, pp. 173-186, 2011. DOI: 10.3745/JIPS.2011.7.1.173.

[ACM Style]
Mengsong Zou, Lansheng Han, Ming Liu, and Qiwen Liu. 2011. Virus Detection Method based on Behavior Resource Tree. Journal of Information Processing Systems, 7, 1, (2011), 173-186. DOI: 10.3745/JIPS.2011.7.1.173.