Detecting Malicious Software By Monitoring Program Behavior
碩士 === 大同大學 === 資訊工程研究所 === 92 === We present a host-based intrusion detection system (IDS) for Microsoft Windows. The system is an algorithm that detects malicious program on the host machine by monitoring Windows API-Calls. The idea is to train a behavior model of malicious programs, and use this...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | en_US |
Published: |
2004
|
Online Access: | http://ndltd.ncl.edu.tw/handle/40000383922506642078 |
Summary: | 碩士 === 大同大學 === 資訊工程研究所 === 92 === We present a host-based intrusion detection system (IDS) for Microsoft Windows. The system is an algorithm that detects malicious program on the host machine by monitoring Windows API-Calls. The idea is to train a behavior model of malicious programs, and use this model to detect malicious programs at run-time. Once there models have been established, subsequent API-Log are analyzed to identify deviations, given the assumption that anomalies usually represent evidence of an attack.
|
---|