A Framework to detect novel Computer Viruses via System Calls

Abimbola, A., Munoz, J., Buchanan, W. (2006). A Framework to detect novel Computer Viruses via System Calls. In: Merabti, M., Pereira, R., Abuelma'atti, O. (Eds.) 7th Annual PG Symposium on The Convergence of Telecommunications, Networking and Broadcasting, , () ( ed.). (pp. 308-313). John Moores University, Liverpool, UK: . PGNet.


ISBN: 1-9025-6013-9
ISSN:

Abstract

This paper describes a framework for detecting self-propagating email viruses based on deterministic system calls derived from associated email client’s dynamic link libraries (DLLs). Our research approach is based on the principle that a key objective of an email virus attack is to eventually overwhelm a mail server and clients with large volume of email traffic. A virus achieves this by propagating to other email addresses in the infected email client inbox, alongside activating its payload. In doing this, the virus executes certain malicious processes, resulting in the creation of abnormal system calls via related DLLs. Our research effort advances Stephen Forrester earlier contribution that proved normal and abnormal system calls from a email client in a Unix platform could be differentiated, by describing a framework on how to monitor and detect abnormal system calls in real-time from an email application.
[Read More]

Authors

William Buchanan
Director of CDCS
w.buchanan@napier.ac.uk
+44 131 455 2759

Areas of Expertise

Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Associated Projects