Detecting Malicious Software By Monitoring Program Behavior


Bibliographic Details
Main Authors: Ming-Chang Chiu, 邱銘彰
Other Authors: Jin-Cherng Lin
Format: Others
Language: en_US
Published: 2004
Online Access: http://ndltd.ncl.edu.tw/handle/40000383922506642078
Description
Summary: Master's === Tatung University === Graduate Institute of Computer Science and Engineering === 92 === We present a host-based intrusion detection system (IDS) for Microsoft Windows. The system is an algorithm that detects malicious programs on the host machine by monitoring Windows API calls. The idea is to train a behavior model of malicious programs and use this model to detect malicious programs at run-time. Once these models have been established, subsequent API logs are analyzed to identify deviations, given the assumption that anomalies usually represent evidence of an attack.