Conference Paper: Back to the future: A framework for automatic malware removal and system repair
Title | Back to the future: A framework for automatic malware removal and system repair |
---|---|
Authors | |
Issue Date | 2006 |
Citation | Proceedings - Annual Computer Security Applications Conference, ACSAC, 2006, p. 257-266 |
Abstract | Malware, software with malicious intent, has emerged as a widely-spread threat to system security. It is difficult to detect malware reliably because new and polymorphic malware programs appear frequently. It is also difficult to remove malware and repair its damage to the system because it can extensively modify a system. We propose a novel framework for automatically removing malware from and repairing its damage to a system. The primary goal of our framework is to preserve system integrity. Our framework monitors and logs untrusted programs' operations. Using the logs, it can completely remove malware programs and their effects on the system. Our framework does not require signatures or other prior knowledge of malware behavior. We implemented this framework on Windows and evaluated it with seven spyware, trojan horses, and email worms. Comparing our tool with two popular commercial anti-malware tools, we found that our tool detected all the malware's modifications to the system detected by the commercial tools, but the commercial tools overlooked up to 97% of the modifications detected by our tool. The runtime and space overhead of our prototype tool is acceptable. Our experience suggests that this framework offers an effective new defense against malware. © 2006 IEEE. |
Persistent Identifier | http://hdl.handle.net/10722/346541 |
ISSN |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Hsu, Francis | - |
dc.contributor.author | Chen, Hao | - |
dc.contributor.author | Ristenpart, Thomas | - |
dc.contributor.author | Li, Jason | - |
dc.contributor.author | Su, Zhendong | - |
dc.date.accessioned | 2024-09-17T04:11:37Z | - |
dc.date.available | 2024-09-17T04:11:37Z | - |
dc.date.issued | 2006 | - |
dc.identifier.citation | Proceedings - Annual Computer Security Applications Conference, ACSAC, 2006, p. 257-266 | - |
dc.identifier.issn | 1063-9527 | - |
dc.identifier.uri | http://hdl.handle.net/10722/346541 | - |
dc.description.abstract | Malware, software with malicious intent, has emerged as a widely-spread threat to system security. It is difficult to detect malware reliably because new and polymorphic malware programs appear frequently. It is also difficult to remove malware and repair its damage to the system because it can extensively modify a system. We propose a novel framework for automatically removing malware from and repairing its damage to a system. The primary goal of our framework is to preserve system integrity. Our framework monitors and logs untrusted programs' operations. Using the logs, it can completely remove malware programs and their effects on the system. Our framework does not require signatures or other prior knowledge of malware behavior. We implemented this framework on Windows and evaluated it with seven spyware, trojan horses, and email worms. Comparing our tool with two popular commercial anti-malware tools, we found that our tool detected all the malware's modifications to the system detected by the commercial tools, but the commercial tools overlooked up to 97% of the modifications detected by our tool. The runtime and space overhead of our prototype tool is acceptable. Our experience suggests that this framework offers an effective new defense against malware. © 2006 IEEE. | - |
dc.language | eng | - |
dc.relation.ispartof | Proceedings - Annual Computer Security Applications Conference, ACSAC | - |
dc.title | Back to the future: A framework for automatic malware removal and system repair | - |
dc.type | Conference_Paper | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.doi | 10.1109/ACSAC.2006.16 | - |
dc.identifier.scopus | eid_2-s2.0-39049086327 | - |
dc.identifier.spage | 257 | - |
dc.identifier.epage | 266 | - |