A framework to detect novel computer viruses via system calls.

Abimbola, Abiola, Munoz, Jose and Buchanan, William J (2006) A framework to detect novel computer viruses via system calls. In: 7th Annual PG Symposium on The Convergence of Telecommunications, Networking and Broadcasting. PGNet, John Moores University, Liverpool, UK, pp. 308-313. ISBN 1-9025-6013-9



    This paper describes a framework for detecting self-propagating email viruses based on deterministic system calls derived from the associated email client’s dynamic link libraries (DLLs). Our research approach is based on the principle that a key objective of an email virus attack is to eventually overwhelm a mail server and clients with a large volume of email traffic. A virus achieves this by propagating to other email addresses in the infected email client's inbox, alongside activating its payload. In doing this, the virus executes certain malicious processes, resulting in the creation of abnormal system calls via related DLLs. Our research effort advances Stephen Forrester's earlier contribution, which proved that normal and abnormal system calls from an email client on a Unix platform could be differentiated, by describing a framework for monitoring and detecting abnormal system calls in real time from an email application.

    Item Type: Book Section
    ISBN: 1-9025-6013-9
    Uncontrolled Keywords: Self-propagating email viruses; deterministic system calls; dynamic link libraries; malicious processes; abnormal system calls; real-time;
    University Divisions/Research Centres: Faculty of Engineering, Computing and Creative Industries > School of Computing
    Dewey Decimal Subjects: 000 Computer science, information & general works > 000 Computer science, knowledge & systems > 005 Computer programming, programs & data > 005.8 Data security
    Library of Congress Subjects: Q Science > QA Mathematics > QA76 Computer software
    Item ID: 3976
    Depositing User: Professor Bill Buchanan
    Date Deposited: 21 Dec 2010 12:06
    Last Modified: 12 Jan 2011 04:56


    Edinburgh Napier University is a registered Scottish charity. Registration number SC018373