Detecting Unknown Massive Mailing Viruses Using Proactive Methods

@inproceedings{Hu2004DetectingUM,
  title={Detecting Unknown Massive Mailing Viruses Using Proactive Methods},
  author={Ruiqi Hu and Aloysius K. Mok},
  booktitle={RAID},
  year={2004}
}
The detection of unknown viruses is beyond the capability of many existing virus detection approaches. In this paper, we show how proactive customization of system behaviors can be used to improve the detection rate of unknown malicious executables. Two general proactive methods, behavior skewing and cordoning, and their application in BESIDES, a prototype system that detects unknown massive mailing viruses, are presented. 
This paper has 24 citations.
