Electrical and computer engineering doctoral candidate Patricia Moat has devised a new malware detection technique that does not scour systems for malicious code, but instead monitors for abnormal communications within the system itself.
Moat’s methodology scans for suspicious system calls (the requests that running applications make to the operating system) instead of reviewing all code running on a network and comparing it against the signatures of millions of known malware programs.
First, the researchers create a profile of the system’s normal operating parameters: a snapshot of the system-call behavior that “good” looks like. Continuously checking the live stream of system calls against that profile, and flagging any sequences that do not correspond to it, can reveal that an attack is underway.
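The two steps above (record a baseline, then flag deviations) are shown here as an added illustration written for this page; it is not Moat’s code or method, and the baseline and suspicious traces are constructed, strace-style syscall sequences rather than real captures. It uses the classic sliding-window (n-gram) approach to syscall profiling: every window of n consecutive calls seen during training is stored, and a new trace is scored by the fraction of its windows that were never seen. The window size `n` and the `threshold` are assumed tuning parameters.

```python
"""Toy system-call anomaly detector using n-gram (sliding window) profiling.

Constructed example for illustration: the baseline traces and the suspicious
trace below are made-up syscall sequences, not data from any real system.
"""

# Constructed baseline: what a small request-handling process "normally" does.
BASELINE_TRACES = [
    ["accept", "read", "openat", "fstat", "read", "write", "close", "close"],
    ["accept", "read", "openat", "fstat", "read", "write", "close", "close"],
    ["accept", "read", "write", "close"],
    ["accept", "read", "openat", "fstat", "read", "read", "write", "close", "close"],
    ["accept", "read", "write", "write", "close"],
]

# Constructed suspicious trace: after reading a request the handler forks, executes
# a program, redirects its descriptors and dials out (the shape of a reverse shell).
SUSPICIOUS_TRACE = ["accept", "read", "fork", "execve", "dup2", "connect", "write", "close"]


def ngrams(trace, n):
    """Yield every window of n consecutive syscalls in a trace."""
    for i in range(len(trace) - n + 1):
        yield tuple(trace[i:i + n])


def build_profile(traces, n=3):
    """Record the set of n-grams observed during training: the snapshot of 'good'."""
    profile = set()
    for trace in traces:
        profile.update(ngrams(trace, n))
    return profile


def score_trace(trace, profile, n=3):
    """Return (mismatch_count, total_windows, mismatched_windows) for a trace."""
    windows = list(ngrams(trace, n))
    mismatches = [w for w in windows if w not in profile]
    return len(mismatches), len(windows), mismatches


def is_anomalous(trace, profile, n=3, threshold=0.2):
    """Flag a trace when more than `threshold` of its windows never appeared in training.

    A ratio rather than a raw count keeps long benign traces from tripping the
    detector; `threshold` is an assumed value that would be tuned per workload.
    """
    bad, total, _ = score_trace(trace, profile, n)
    if total == 0:  # too short to form a single window: nothing to judge
        return False
    return bad / total > threshold


if __name__ == "__main__":
    prof = build_profile(BASELINE_TRACES)
    for name, trace in (("baseline", BASELINE_TRACES[0]), ("suspicious", SUSPICIOUS_TRACE)):
        bad, total, missed = score_trace(trace, prof)
        print(f"{name}: {bad}/{total} unseen windows, anomalous={is_anomalous(trace, prof)}")
        for window in missed:
            print("   unseen:", " -> ".join(window))
```

Two practical caveats the toy makes visible: the profile is only as trustworthy as the machine it was recorded on (a baseline captured on an already-compromised host bakes the attacker’s behavior into “good”), and a benign software update that introduces new call sequences will raise the mismatch ratio just as an attack does, so the threshold and the retraining policy decide the false-positive rate.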
Because it does not depend on a signature for the malware already existing, this technique could be more effective in defending against zero-day threats or attacks that employ advanced evasion techniques.
“This [technique] is like catching an intruder coming into your house. And it excites me to do something most people have never done,” Moat said of her work, which is being funded by the Air Force Office of Scientific Research.