2022/9/28

New Approach for Detecting Unknown Malicious Executables. J Forensic Res 1: 112. doi: 10.4172/2157-7145.1000112

B Rozenberg, E Gudes, Y Elovici, Y Fledel

OMICS Publishing Group, J Forensic Res, 2010

We present a method for detecting new malicious executables, which comprises the following steps: (a) in an offline training phase, finding a set of system call sequences that are characteristic only of malicious files when such files are executed, and storing these sequences in a database; (b) in a real-time detection phase, for each running executable, continuously monitoring its issued system calls and comparing them with the sequences stored in the database to determine whether a portion of the run-time system call sequence matches one or more of the database sequences, and when such a match is found, declaring the executable malicious. We have evaluated our method, and the preliminary results are promising and justify the use of system call sequences for detecting new malicious executables.

In this paper we try to provide a general, real-time detection method that is more reliable than existing methods. Our method comprises the following steps: (a) in an offline training phase, finding a collection of system call sequences that are characteristic only of malicious files when such files are executed, and storing these sequences in a database; (b) at runtime, for each running executable, continuously monitoring its issued system calls and comparing them with the sequences stored in the database to determine whether a portion of the run-time system call sequence matches one or more of the database sequences, and when such a match is found, declaring the executable malicious. A major …
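The two-phase method described above, as an added example that is not the authors' code: a toy Python implementation that learns fixed-length system call sequences (n-grams) seen only in malicious traces and never in benign ones, then matches a sliding window over a running program's calls against them. The n-gram length `N`, the call names and the traces are constructed assumptions; the paper does not fix them here.

```python
from collections import deque

N = 3  # length of each system call sequence (n-gram); an assumed value


def ngrams(trace, n=N):
    """All contiguous length-n subsequences of one system call trace."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}


def train(malicious_traces, benign_traces, n=N):
    """Offline phase: keep only sequences that occur in malicious runs and
    never in benign runs, so a legitimate program cannot trigger them."""
    malicious = set().union(*(ngrams(t, n) for t in malicious_traces))
    benign = set().union(*(ngrams(t, n) for t in benign_traces))
    return malicious - benign


class Monitor:
    """Runtime phase: sliding window over one executable's call stream."""

    def __init__(self, signatures, n=N):
        self.signatures = signatures
        self.window = deque(maxlen=n)
        self.verdict = None  # set to the matching sequence once flagged

    def observe(self, syscall):
        """Feed one issued system call; returns the match (or None)."""
        self.window.append(syscall)
        if self.verdict is None and len(self.window) == self.window.maxlen:
            seq = tuple(self.window)
            if seq in self.signatures:
                self.verdict = seq
        return self.verdict


# Constructed sample traces, not data from the paper.
MALICIOUS_TRACES = [
    ["open", "read", "socket", "connect", "send", "close"],
    ["open", "write", "socket", "connect", "send"],
]
BENIGN_TRACES = [
    ["open", "read", "write", "close"],
    ["open", "read", "socket", "connect", "recv", "close"],
]


def run_detection(runtime_trace, n=N):
    """Train on the sample traces, then monitor one runtime trace."""
    mon = Monitor(train(MALICIOUS_TRACES, BENIGN_TRACES, n), n)
    for call in runtime_trace:
        mon.observe(call)
    return mon.verdict
```

Sequences such as `open, read, socket` are discarded during training because a benign trace also issues them, which is what keeps the runtime check from flagging ordinary network clients.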