TY - GEN
T1 - An Unknown Malware Detection Using Execution Registry Access
AU - Kono, Kento
AU - Phomkeona, Sanouphab
AU - Okamura, Koji
N1 - Funding Information:
This research was supported by the Strategic International Research Cooperative Program, Japan Science and Technology Agency (JST), and JSPS KAKENHI Grant Number JP16K004-80.
PY - 2018/6/8
Y1 - 2018/6/8
N2 - Traditional antivirus software uses virus definitions to identify malware infections. In addition, antivirus software needs to update to new virus definitions to guarantee its detection accuracy. However, because the number of malware variants and new malware types is increasing, it is very difficult to detect and respond to them all. Moreover, there will be a serious incident if unknown malware that does not correspond to any definition data is installed and spreads the infection without any notification. Therefore, in this paper we propose a method to detect malware infection that focuses on registry accesses and malware execution processes on a Windows OS host PC. Using the URSNIF banking spyware in experiments, we calculated its high failure rate of registry accesses and checked specific accesses to confirm the detection result.
AB - Traditional antivirus software uses virus definitions to identify malware infections. In addition, antivirus software needs to update to new virus definitions to guarantee its detection accuracy. However, because the number of malware variants and new malware types is increasing, it is very difficult to detect and respond to them all. Moreover, there will be a serious incident if unknown malware that does not correspond to any definition data is installed and spreads the infection without any notification. Therefore, in this paper we propose a method to detect malware infection that focuses on registry accesses and malware execution processes on a Windows OS host PC. Using the URSNIF banking spyware in experiments, we calculated its high failure rate of registry accesses and checked specific accesses to confirm the detection result.
UR - http://www.scopus.com/inward/record.url?scp=85055556055&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85055556055&partnerID=8YFLogxK
U2 - 10.1109/COMPSAC.2018.10281
DO - 10.1109/COMPSAC.2018.10281
M3 - Conference contribution
AN - SCOPUS:85055556055
T3 - Proceedings - International Computer Software and Applications Conference
SP - 487
EP - 491
BT - Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018
A2 - Demartini, Claudio
A2 - Reisman, Sorel
A2 - Liu, Ling
A2 - Tovar, Edmundo
A2 - Takakura, Hiroki
A2 - Yang, Ji-Jiang
A2 - Lung, Chung-Horng
A2 - Ahamed, Sheikh Iqbal
A2 - Hasan, Kamrul
A2 - Conte, Thomas
A2 - Nakamura, Motonori
A2 - Zhang, Zhiyong
A2 - Akiyama, Toyokazu
A2 - Claycomb, William
A2 - Cimato, Stelvio
PB - IEEE Computer Society
T2 - 42nd IEEE Computer Software and Applications Conference, COMPSAC 2018
Y2 - 23 July 2018 through 27 July 2018
ER -