Windows Malware Detection Method Based on the Path IRP
2014 ◽ Vol 687-691 ◽ pp. 2626-2629
The IRP (I/O Request Packet) sequences of a program are not identical across different environments of the same operating system, which has a certain influence on detection results. Through a large number of experiments, we found that the IRP request sequences of programs on the same operation path are consistent. We therefore propose a new malware detection method based on path IRP sequences. Every single IRP request sequence on the same operation path is extracted, and the Negative Selection Algorithm (NSA) and the Positive Selection Algorithm (PSA) are used for detection. Experimental results reveal that our method outperforms the method based on IRP sequences in detection rate.