In-Execution Malware Detection Using Task Structures of Linux Processes

In this paper, the authors present a novel framework that uses the information held in a process's kernel task structures to analyse the behaviour of an executing program at run time. Their analysis shows that classifying a process as malicious or benign from this kernel-structure information is not only accurate but also carries low processing overhead, so the lightweight framework can be incorporated within the operating-system kernel itself. As a proof of concept, they design and implement the system as a Linux kernel module.
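The framework described above reads task structures from inside the kernel. As an added illustration (not code from the paper or its authors), the program below shows the same idea from user space: it parses /proc/[pid]/stat, which is the kernel's own textual projection of selected task_struct fields, turns two successive samples of a task into rate features, and applies a hypothetical weighted score. The field subset, the weights, and the sample lines are assumptions made for this example; the paper's actual feature set and classifier are not stated on this page. The parser also handles a caveat a practitioner hits in practice: the comm field can contain spaces and parentheses (any process may set it with prctl), so fields must be anchored on the last ')' rather than split on whitespace.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Subset of task_struct-derived fields that /proc/[pid]/stat exposes, in
 * proc(5) order. Which fields the paper's classifier uses is not stated on
 * this page; this selection is an assumption for illustration. */
struct task_feat {
    int pid;
    char comm[16];               /* TASK_COMM_LEN bytes: 15 chars + NUL */
    char state;
    unsigned long minflt, majflt;
    unsigned long utime, stime;  /* CPU time in clock ticks */
    long num_threads;
    unsigned long vsize;
    long rss;
};

/* Parse one /proc/[pid]/stat line. comm is printed in parentheses and may
 * itself contain spaces and ')', so a naive whitespace split mis-aligns every
 * later field; anchor on the LAST ')'. Returns 0 on success, -1 if malformed. */
int parse_stat(const char *line, struct task_feat *f)
{
    const char *open = strchr(line, '(');
    const char *close = strrchr(line, ')');
    if (!open || !close || close < open) return -1;
    memset(f, 0, sizeof *f);
    f->pid = atoi(line);
    size_t n = (size_t)(close - open - 1);
    if (n >= sizeof f->comm) n = sizeof f->comm - 1;
    memcpy(f->comm, open + 1, n);
    f->comm[n] = '\0';

    int ppid, pgrp, session, tty, tpgid;
    unsigned flags;
    unsigned long cminflt, cmajflt;
    long cutime, cstime, priority, nice, itrealvalue;
    unsigned long long starttime;
    int got = sscanf(close + 1,
        " %c %d %d %d %d %d %u %lu %lu %lu %lu %lu %lu %ld %ld %ld %ld %ld %ld %llu %lu %ld",
        &f->state, &ppid, &pgrp, &session, &tty, &tpgid, &flags,
        &f->minflt, &cminflt, &f->majflt, &cmajflt,
        &f->utime, &f->stime, &cutime, &cstime,
        &priority, &nice, &f->num_threads, &itrealvalue,
        &starttime, &f->vsize, &f->rss);
    return got == 22 ? 0 : -1;
}

/* Run-time behaviour is a trajectory, not a snapshot: derive rates from two
 * successive samples of the same task. */
struct task_rate {
    double minflt_per_tick;   /* memory-touching rate */
    double sys_frac;          /* share of CPU time spent in the kernel */
    long   thread_delta;      /* threads gained between samples */
};

int rate_features(const struct task_feat *a, const struct task_feat *b,
                  struct task_rate *r)
{
    if (a->pid != b->pid || strcmp(a->comm, b->comm) != 0) return -1;
    unsigned long dt = (b->utime + b->stime) - (a->utime + a->stime);
    if (dt == 0) return -1;                     /* no CPU progress: no rate */
    r->minflt_per_tick = (double)(b->minflt - a->minflt) / (double)dt;
    r->sys_frac = (double)(b->stime - a->stime) / (double)dt;
    r->thread_delta = b->num_threads - a->num_threads;
    return 0;
}

/* Hypothetical linear scorer with made-up weights, NOT the paper's model;
 * it only shows the shape "features from kernel structures -> verdict". */
double suspicion_score(const struct task_rate *r)
{
    return 0.02 * r->minflt_per_tick + 2.0 * r->sys_frac + 0.1 * (double)r->thread_delta;
}

/* Constructed sample lines (not captured from a real system). The second
 * task's comm contains spaces and parentheses to exercise the parser. */
static const char *SAMPLE_T0[] = {
    "1234 (bash) S 1 1234 1234 34816 1234 4194304 1500 0 3 0 40 20 0 0 20 0 1 0 100 12345678 1200",
    "4321 (a (b) c) R 1 4321 4321 0 -1 4194304 9000 0 50 0 10 90 0 0 20 0 1 0 200 987654321 50000",
};
static const char *SAMPLE_T1[] = {
    "1234 (bash) S 1 1234 1234 34816 1234 4194304 1520 0 3 0 60 30 0 0 20 0 1 0 100 12345678 1200",
    "4321 (a (b) c) R 1 4321 4321 0 -1 4194304 90000 0 50 0 20 180 0 0 20 0 41 0 200 987654321 50000",
};

/* Length of the parsed comm of sample i; -1 on parse failure. */
int sample_comm_len(int i)
{
    struct task_feat f;
    return parse_stat(SAMPLE_T0[i], &f) ? -1 : (int)strlen(f.comm);
}

/* Score constructed task i from its two samples; -1.0 on failure. */
double score_sample(int i)
{
    struct task_feat a, b; struct task_rate r;
    if (parse_stat(SAMPLE_T0[i], &a) || parse_stat(SAMPLE_T1[i], &b)) return -1.0;
    if (rate_features(&a, &b, &r)) return -1.0;
    return suspicion_score(&r);
}

int main(void)
{
    for (int i = 0; i < 2; i++)
        printf("task %d: comm length %d, score %.3f\n", i, sample_comm_len(i), score_sample(i));
    return 0;
}
```

Reading /proc instead of task_struct directly costs a context switch and a text parse per sample, which is exactly the overhead an in-kernel module avoids; the user-space form is useful for prototyping features before committing them to kernel code.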

Provided by: National University of Computer and Emerging Sciences
Topic: Software
Date Added: Feb 2011
Format: PDF
