Vol 5. No. 3, May, 2012 ISSN 2006-1781
African Journal of Computing & ICT
© 2012 Afr J Comp & ICT – All Rights Reserved
www.ajocict.net

A Model Checking Framework For Developing Scalable Antivirus Systems

E. Osaghae
Department of Computer Science
University of Port Harcourt
Port Harcourt, Nigeria.
edgarbros@yahoo.com

S.C. Chiemeke PhD
Department of Computer Science
University of Benin
Benin City, Nigeria
schiemeke@uniben.edu.ng

ABSTRACT

Conventional antivirus products rely on the signature matching technique to detect malicious programs. The signature matching technique needs a constant connection to the internet so that antivirus companies can send new updates to the antivirus databases on their clients' computers, and the database may grow so large that it slows down the computer's performance. This method therefore fails to detect new and unknown viruses. We propose and implement a model checking framework as a novel technique to improve static malware detection. The model checking technique is employed to determine behavioural patterns of an executable program at the assembly programming level. The deterministic finite automata technique is used to extract the set of Application Programming Interface (API) functions used for malicious activities, which has been identified by the model checking technique. The Naïve Bayes technique is used to identify only the API functions used by a virus program, based on self-modification, self-reference and self-replication. The chi-square technique is used to identify Trojan, worm and unknown malicious attributes from the code already examined by the Naïve Bayes technique. We implemented the proposed framework by developing a scalable antivirus system called “Intellect” using the C++ 2008 programming language, and the detection results are sent to a file. We tested one hundred benign files, one hundred viruses, one hundred Trojan horses and one hundred worms. Preliminary results from our test runs show that the antivirus is efficient at detecting viruses, Trojans, worms and unknown malicious programs.

Keywords: Virus detection, Model checking, Naïve Bayes, Deterministic Finite Automata, and Chi Square.

African Journal of Computing & ICT Reference Format:
E. Osaghae & S.C. Chiemeke (2012). A Model Checking Framework For Developing Scalable Antivirus Systems. Afr J. of Comp & ICTs. Vol 5, No. 3. pp 37-48

1. INTRODUCTION

More computers are connected to the internet every day. Although this is an improvement to the world of information technology, there is also a dark side: malware. Malware is becoming increasingly common and poses a major threat to individuals and businesses, as it is employed by both criminals and vandals to steal valuable information, commit fraud, send junk mail or attack computer systems (Bohne, 2008). A study between 2004 and 2007 showed that antivirus companies required an average of six (6) hours to analyze and extract a signature from a newly discovered virus and add it to their signature database. In 2006, a Federal Bureau of Investigation (FBI) survey reported computer viruses as the number one cause of financial loss for American companies.

Kaspersky Labs reported a strong rise in the number of new viruses and momentum in the second half of the year, with email worms topping the list. Despite this growing problem, antivirus companies continue to use signature databases as their primary tool for virus detection. In 2006, Kaspersky Labs averaged 10,000 new record updates to its signature database per month and 200 new malware samples per day. Even after solutions have been released, it is unknown how much time passes until all end-user signature databases are updated. It is clear that antivirus companies will continue to handle the ever-growing virus problem improperly and slowly, using signature databases as the centerpiece for detection (Morales, 2008).

Microsoft operating system applications are the targets of many viruses because the operating system is widely used compared to other operating systems. There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses have caused widespread monetary damages. Two or three of the Macintosh viruses were widespread enough to be of importance; none of the Unix or Linux viruses became widespread because most were confined to the laboratory (Granneman, 2003).
