An Unknown Malware Detection Using Execution Registry Access

Kento Kono, Sanouphab Phomkeona, Koji Okamura

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Traditional antivirus software uses virus definitions to identify malware infections, and it must keep those definitions updated to guarantee its detection accuracy. However, because the number of malware variants and new malware types is increasing, it is very difficult to detect and respond to them all. Moreover, a serious incident can result if unknown malware that does not match any definition is installed and spreads the infection without any notification. Therefore, in this paper we propose a method to detect malware infection that focuses on registry accesses and malware execution processes on a Windows OS host PC. Using the URSNIF banking spyware in experiments, we calculated its high failure rate of registry accesses and checked specific accesses to confirm the detection result.

Original language: English
Title of host publication: Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018
Editors: Claudio Demartini, Sorel Reisman, Ling Liu, Edmundo Tovar, Hiroki Takakura, Ji-Jiang Yang, Chung-Horng Lung, Sheikh Iqbal Ahamed, Kamrul Hasan, Thomas Conte, Motonori Nakamura, Zhiyong Zhang, Toyokazu Akiyama, William Claycomb, Stelvio Cimato
Publisher: IEEE Computer Society
Pages: 487-491
Number of pages: 5
ISBN (Electronic): 9781538626665
DOIs: https://doi.org/10.1109/COMPSAC.2018.10281
Publication status: Published - Jun 8 2018
Event: 42nd IEEE Computer Software and Applications Conference, COMPSAC 2018 - Tokyo, Japan
Duration: Jul 23 2018 to Jul 27 2018

Publication series

Name: Proceedings - International Computer Software and Applications Conference
Volume: 2
ISSN (Print): 0730-3157

Other

Other: 42nd IEEE Computer Software and Applications Conference, COMPSAC 2018
Country: Japan
City: Tokyo
Period: 7/23/18 to 7/27/18

Fingerprint

Computer viruses
Viruses
Malware
Experiments

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Science Applications

Cite this

Kono, K., Phomkeona, S., & Okamura, K. (2018). An Unknown Malware Detection Using Execution Registry Access. In C. Demartini, S. Reisman, L. Liu, E. Tovar, H. Takakura, J-J. Yang, C-H. Lung, S. I. Ahamed, K. Hasan, T. Conte, M. Nakamura, Z. Zhang, T. Akiyama, W. Claycomb, ... S. Cimato (Eds.), Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018 (pp. 487-491). [8377909] (Proceedings - International Computer Software and Applications Conference; Vol. 2). IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2018.10281

@inproceedings{fac40d7618ee4eaabb92e744c4b47fa8,
title = "An Unknown Malware Detection Using Execution Registry Access",
author = "Kento Kono and Sanouphab Phomkeona and Koji Okamura",
year = "2018",
month = "6",
day = "8",
doi = "10.1109/COMPSAC.2018.10281",
language = "English",
series = "Proceedings - International Computer Software and Applications Conference",
publisher = "IEEE Computer Society",
pages = "487--491",
editor = "Claudio Demartini and Sorel Reisman and Ling Liu and Edmundo Tovar and Hiroki Takakura and Ji-Jiang Yang and Chung-Horng Lung and Ahamed, {Sheikh Iqbal} and Kamrul Hasan and Thomas Conte and Motonori Nakamura and Zhiyong Zhang and Toyokazu Akiyama and William Claycomb and Stelvio Cimato",
booktitle = "Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018",
address = "United States",

}

TY - GEN

T1 - An Unknown Malware Detection Using Execution Registry Access

AU - Kono, Kento

AU - Phomkeona, Sanouphab

AU - Okamura, Koji

PY - 2018/6/8

Y1 - 2018/6/8

UR - http://www.scopus.com/inward/record.url?scp=85055556055&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055556055&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2018.10281

DO - 10.1109/COMPSAC.2018.10281

M3 - Conference contribution

AN - SCOPUS:85055556055

T3 - Proceedings - International Computer Software and Applications Conference

SP - 487

EP - 491

BT - Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018

A2 - Demartini, Claudio

A2 - Reisman, Sorel

A2 - Liu, Ling

A2 - Tovar, Edmundo

A2 - Takakura, Hiroki

A2 - Yang, Ji-Jiang

A2 - Lung, Chung-Horng

A2 - Ahamed, Sheikh Iqbal

A2 - Hasan, Kamrul

A2 - Conte, Thomas

A2 - Nakamura, Motonori

A2 - Zhang, Zhiyong

A2 - Akiyama, Toyokazu

A2 - Claycomb, William

A2 - Cimato, Stelvio

PB - IEEE Computer Society

ER -