An Improved Process Supervision and Control Method for Malware Detection

  • Ghadeer Written by
  • Update: 30/06/2022

An Improved Process Supervision and Control Method for Malware Detection

Behnam Shamshirsaz

Department of Electrical and Computer Engineering, Kharazmi University, Iran

This email address is being protected from spambots. You need JavaScript enabled to view it.

Seyyed Amir Asghari

Department of Electrical and Computer Engineering, Kharazmi University, Iran

This email address is being protected from spambots. You need JavaScript enabled to view it.

Mohammadreza Binesh Marvasti

Department of Electrical and Computer Engineering, Kharazmi University, Iran

This email address is being protected from spambots. You need JavaScript enabled to view it.

Abstract: Most modern-day malware detection methods and algorithms are based on prior knowledge of malware specifications. Discovering new malwares by solely relying on computer based automatic solutions with no human intervention currently appears out of reach. Many malwares never decode harmful parts of their code until the triggering of a specific event. Others detect virtual machine or sandbox environments and hide their true nature. Detecting these kinds of malwares-specifically multi evented ones-are nearly impossible for fully automatic detection methods. Previous research found that about 75% of malwares studied did not react in a fully automatic environment without user intervention thus being undetectable. This paper introduces a near automated solution to detect malwares quickly by relying on a supervision and control method based on user level capabilities of the operating system. Improving on previous methods, this research can replace the need for debugging new malwares in almost all aspects. This solution forces malwares in automated environments to activate and be discoverable. Researcher intervention during malware code execution along with the malware’s intent over calling sensitive operating system functions and parameters aid this process. Since operating system functions are virtualized malwares are incapable of physically harming the system during execution. The solution reached 98% overall accuracy in conjunction with reducing code size by 80% in comparison with similar techniques, improving simplicity and reliability.

Keywords: Mid-level code, malware detection, process supervision, microsoft windows, anti-virus, endpoint detection and response.

Received November 12, 2019; accepted February 9, 2021

https://doi.org/10.34028/iajit/19/4/9

Full text

Read 595 times
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…