Institute of Electrical and Electronics Engineers Inc.;New York: IEEE
摘要:
摘要: In the last several decades, the arms race between malware writers and antivirus programmers has become more and more severe. The simplest way for a computer user to secure his computer is to install antivirus software on his computer. As antivirus software becomes more sophisticated and powerful, evading the detection of antivirus software becomes an important part of malware. As a result, malware writers have developed various approaches to increase the survivability and concealment of their malware. One of these technologies is to terminate antivirus software right after the execution of the malware. In this paper, we propose a mechanism, called ANtivirus Software Shield (ANSS), to prevent antivirus software from being terminated without the consciousness of the antivirus software users. ANSS uses System Service Descriptor Table (SSDT) hooking to intercept specific Windows APIs and analyzes them to filter out hazardous API calls that will terminate antivirus software. When using several pieces of malware that can terminate various brands of antivirus applications to make our experiments, the results show that ANSS can protect antivirus software from being terminated by them with at most 0.42% CPU performance overhead and 1.77% memory write performance overhead. 其他題名: TIFS 出版者: New York: IEEE 出版日期: 2012-10-01 出處: IEEE Transactions on Information Forensics and Security, 2012-10, Vol.7 (5), p.1439-1447 資源來源: IEEE Electronic Library (IEL) 版權: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Oct 2012 識別號: ISSN: 1556-6013 識別號: EISSN: 1556-6021 識別號: DOI: 10.1109/TIFS.2012.2206028 識別號: CODEN: ITIFA6
