In-Execution Malware Detection Using Task Structures of Linux Processes

Executive Summary

In this paper, the authors present a novel framework that uses the information held in the kernel structures of a process to perform run-time analysis of the behavior of an executing program. Their analysis shows that classifying a process as malicious or benign from the information in its kernel structures is not only accurate but also incurs low processing overhead; as a result, this lightweight framework can be incorporated within the kernel of an operating system. As a proof of concept, they design and implement their system as a kernel module in Linux.

  • Format: PDF
  • Size: 494.11 KB