How to detect malware on computer systems
Washington: Despite having anti-virus software installed on the computer systems, if a new virus is released before the antivirus software detects it, the system can be infected.
However, researchers have found a virus detection method that acts as a third layer on top of scanning for known viruses and heuristic scanning.
The new approach uses a data mining algorithm to identify malicious code on a system. Anomalous behaviour patterns are detected predominantly from the rate at which various operating system functions are being called.
The idea is to incorporate built-in defences in the anti-virus software against viruses and other computer malware for which they have no prior knowledge.
These defences usually respond to unusual activity that resembles the way viruses behave once they have infected a system. This so-called heuristic approach combined with regularly updated antivirus software can protect the system against known viruses and even zero-day viruses.
The research team of Mamoun Alazab (ANU) and Sitalakshmi Venkatraman (NMIT) explained that securing computer systems against new diverse malware is becoming harder since it requires a continuing improvement in the detection engines.
They said that what is most important is to expand the knowledge base for security research through anomaly detection by applying innovative pattern recognition techniques with appropriate machine learning algorithms to detect unknown malicious behaviour.
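The call-rate idea described above can be illustrated with a small added example (not the researchers' code): it learns per-function call rates from known-good windows and flags a window whose rates deviate sharply. The z-score test, the threshold, the `min_std` floor and the sample traces are assumptions made for illustration; the article does not say which data mining algorithm the team used.

```python
from collections import Counter
from statistics import mean, pstdev

def make_trace(counts, window_s=10.0):
    """Constructed sample data: spread `counts` calls per function over one window."""
    return sorted((i * window_s / n, name) for name, n in counts.items() for i in range(n))

def call_rates(events, window_s=10.0):
    """Calls per second for each function seen in one window of (time, name) events."""
    return {name: n / window_s for name, n in Counter(f for _, f in events).items()}

def build_baseline(windows):
    """Per-function (mean, std) of call rate across known-good windows."""
    rates = [call_rates(w) for w in windows]
    names = set().union(*rates)
    return {n: (mean([r.get(n, 0.0) for r in rates]),
                pstdev([r.get(n, 0.0) for r in rates])) for n in names}

def score_window(events, baseline, threshold=3.0, min_std=0.5):
    """Return {function: z-score} for functions whose call rate is anomalous.

    min_std floors the deviation so a function that is new, or perfectly
    steady in the baseline, does not cause a division by zero.
    """
    rates = call_rates(events)
    flagged = {}
    for name in set(rates) | set(baseline):  # also catches functions gone silent
        mu, sigma = baseline.get(name, (0.0, 0.0))
        z = (rates.get(name, 0.0) - mu) / max(sigma, min_std)
        if abs(z) >= threshold:
            flagged[name] = round(z, 2)
    return flagged

# Constructed traces: real Windows API names, made-up call counts per 10 s window.
BASELINE = build_baseline([
    make_trace({"ReadFile": 40, "WriteFile": 10, "RegQueryValueExW": 20}),
    make_trace({"ReadFile": 50, "WriteFile": 12, "RegQueryValueExW": 18}),
    make_trace({"ReadFile": 45, "WriteFile": 8, "RegQueryValueExW": 22}),
])
NORMAL = make_trace({"ReadFile": 44, "WriteFile": 11, "RegQueryValueExW": 19})
SUSPECT = make_trace({"ReadFile": 46, "WriteFile": 300,
                      "RegQueryValueExW": 20, "CryptEncrypt": 250})

if __name__ == "__main__":
    print("normal :", score_window(NORMAL, BASELINE))
    print("suspect:", score_window(SUSPECT, BASELINE))
```

In practice the baseline would be built per process or per host from far more windows, and the threshold tuned against the false-positive rate the operator can tolerate.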