SlideShare a Scribd company logo

Artificial Intelligence in Virus Detection & Recognition

Download as PPTX, PDF
A
ahmadali999
EducationTechnology
1 of 27
ARTIFICIAL INTELLIGENCE METHODS IN VIRUS DETECTION & RECOGNITION INTRODUCTION TO HEURISTIC SCANNING AHMAD ALI. A 09409002 S7 CSE
PRESENTATION OUTLINE Introduction Fundamentals of malware Metaheuristics in Virus Detection & Recognition Heuristic scanning theory Lacks in specific detection Heuristic scanning conception Recognizing potential threat Coping with anti-heuristic mechanisms Towards accuracy improvement Summary
MALWARE Malware (malicious software) is a software designed to infiltrate or damage a computer system without the owner's informed consent.
MALWARE TYPES It is important to be aware that nevertheless all of them have similar purpose, each one behave differently. Viruses Worms Wabbits Trojan horses Exploits/Backdoors Rootkits Key loggers/Dialers Hoaxes
INFECTION STRATEGIES Nonresident viruses: The simplest form of viruses which don't stay in memory, but infect founded executable file and search for another to replicate. Resident viruses: More complex and efficient type of viruses which stay in memory and hide their presence from other processes. Fast infectors: Type which is designed to infect as many files as possible. Slow infectors: Using stealth and encryption techniques to stay undetected outlast.
Heuristic Heuristic is a method to solve a problem, commonly an informal method. It is particularly used to rapidly come to a solution that is reasonably close to the best possible answer, or 'optimal solution'... Metaheuristic Metaheuristic is a heuristic method which combines user- given black-box procedures in a hopefully efficient way. Metaheuristics are generally applied to problems for which there is no satisfactory problem-specific algorithm or heuristic.
GENERAL METAHEURISTICS List below shows main metaheuristics used for virus detection and recognition: Pattern matching Automatic learning Environment emulation Neural networks Data mining Bayes networks Hidden Markov models and other...
LACKS IN SPECIFIC DETECTION There are two basic methods to detect viruses - specific and generic. Why is generic detection gaining importance? There are four reasons: The number of viruses increases rapidly. The number of virus mutants increases. The development of polymorphic viruses. Viruses directed at a specific organization or company.
Specific detection methods like signature scanning became very efficient ways of detecting known threats. Finding specific signature in code allows scanner to recognize every virus which signature has been stored in built-in database. BB ?2 B9 10 01 81 37 ?2 81 77 02 ?2 83 C3 04 E2 F2 FireFly virus signature(hexadecimal)
Problem occurs when virus source is changed by a programmer or mutation engine. Signature is being malformed due to even minor changes. Virus may behave in an exactly same way but is undetectable due to new, unique signature. BB ?2 B9 10 01 81 37 ?2 81 A1 D3 ?2 01 C3 04 E2 F2 Malformed signature(hexadecimal)
HEURISTIC SCANNING CONCEPTION Q: How to recognize a virus without any knowledge about its internal structure? A: By examining its behavior and characteristics.
FIGURE: VIRUS EVOLUTION CHAIN
Heuristic scanning in its basic form is implementation of three metaheuristics: Pattern matching Automatic learning Environment emulation Of course modern solutions provide more functionalities but principle stays the same.
The basic idea of heuristic scanning is to examine assembly language instruction sequences(step-by-step) If there are sequences behaving suspiciously, program can be qualified as a virus.
RECOGNIZING POTENTIAL THREAT Singular suspicion is never a reason to trigger the alarm. But if the same program also tries to stay resident and contains routine to search for executables, it is highly probable that it's a real virus.
HEURISTIC SCANNING AS ARTIFICIAL NEURON Figure: Single-layer classifier with threshold
MALWARE EVOLVES Viruses started to use various stealth techniques. This allowed them to be invisible for traditional scanner. Moreover, most of them started using real-time encryption.
Pattern matching is not enough Why not to create artificial runtime environment to let the virus do its job? Such approach found implementation in environment emulation engines, which became standard AV software weapon.
VIRTUAL REALITY Anti-virus program provides a virtual machine with independent operating system and allows virus to perform its routines. Behavior and characteristics are being continuously examined, while virus is not aware that is working on a fake system. This leads to decryption routines and revealment of its true nature. Also stealth techniques are useless because whole VM is monitored by AV software.
FALSE POSITIVES & AUTOMATIC LEARNING HS will blame innocent programs for being potential threats. Such behavior is called false positive. We must be aware that program is right when rising alarm, because scanned app posses suspicious sequences, we can't blame scanner for failure.
Q: So what can be done to avoid false positives? A: Automatic learning!
AVOIDING FALSE POSITIVES & IMPROVING ACCURACY Assume that machine is not infected. Combine scanning techniques Definition of (combinations of) suspicious abilities. Recognition of common program codes Recognition of specific programs
WHAT CAN BE EXPECTED FROM IT IN THE FUTURE? The Development Continues Most anti-virus developers still do not supply a ready-to-use heuristic analyzer. Those who have heuristics already available are still improving it.
SUMMARY Basically HS is inherited from combination of pattern matching, automatic learning and environment emulation metaheuristics. As a heuristic method it's not 100% effective. So why do we apply HS? Pros Can detect 'future' threats User is less dependent on product update Improves conventional scanning results Cons False positives Making decision after alarm requires knowledge
REFERENCES Data mining methods for detection of new malicious executable-MATHEW.G CHU LTZ Heuristics scanner for Artificial Intelligence- RIGHARD ZWIENEN DERG Heuristics Antivirus technology- FRANSVELDSMAN
Why?... Questions ? What if?...
THANK YOU

Recommended

Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...
Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...
Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...
Wojciech Podgórski
 
Autonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer NetworksAutonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer Networks
ijsrd.com
 
Automated malware invariant generation
Automated malware invariant generationAutomated malware invariant generation
Automated malware invariant generation
UltraUploader
 
Malware detection
Malware detectionMalware detection
Malware detection
ssuser1eca7d
 
Antimalware
AntimalwareAntimalware
Antimalware
Mayank Chaudhari
 
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
IJET - International Journal of Engineering and Techniques
 
Clustering Categorical Data for Internet Security Applications
Clustering Categorical Data for Internet Security ApplicationsClustering Categorical Data for Internet Security Applications
Clustering Categorical Data for Internet Security Applications
IJSTA
 
Enhancing Intrusion Detection System with Proximity Information
Enhancing Intrusion Detection System with Proximity InformationEnhancing Intrusion Detection System with Proximity Information
Enhancing Intrusion Detection System with Proximity Information
Zhenyun Zhuang
 

Recommended

Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...
Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...
Artificial Intelligence Methods in Virus Detection & Recognition - Introducti...
Wojciech Podgórski
 
Autonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer NetworksAutonomic Anomaly Detection System in Computer Networks
Autonomic Anomaly Detection System in Computer Networks
ijsrd.com
 
Automated malware invariant generation
Automated malware invariant generationAutomated malware invariant generation
Automated malware invariant generation
UltraUploader
 
Malware detection
Malware detectionMalware detection
Malware detection
ssuser1eca7d
 
Antimalware
AntimalwareAntimalware
Antimalware
Mayank Chaudhari
 
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
[IJET-V1I6P6] Authors: Ms. Neeta D. Birajdar, Mr. Madhav N. Dhuppe, Ms. Trupt...
IJET - International Journal of Engineering and Techniques
 
Clustering Categorical Data for Internet Security Applications
Clustering Categorical Data for Internet Security ApplicationsClustering Categorical Data for Internet Security Applications
Clustering Categorical Data for Internet Security Applications
IJSTA
 
Enhancing Intrusion Detection System with Proximity Information
Enhancing Intrusion Detection System with Proximity InformationEnhancing Intrusion Detection System with Proximity Information
Enhancing Intrusion Detection System with Proximity Information
Zhenyun Zhuang
 
Cryptovirology: Virus Approach
Cryptovirology: Virus ApproachCryptovirology: Virus Approach
Cryptovirology: Virus Approach
IJNSA Journal
 
Malware Analysis and Prediction System
Malware Analysis and Prediction SystemMalware Analysis and Prediction System
Malware Analysis and Prediction System
Azri Hafiz
 
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSA SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
IJNSA Journal
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039
Editor IJARCET
 
robust malware detection for iot devices using deep eigen space learning
robust malware detection for iot devices using deep eigen space learningrobust malware detection for iot devices using deep eigen space learning
robust malware detection for iot devices using deep eigen space learning
Venkat Projects
 
IRJET- Android Malware Detection using Machine Learning
IRJET- Android Malware Detection using Machine LearningIRJET- Android Malware Detection using Machine Learning
IRJET- Android Malware Detection using Machine Learning
IRJET Journal
 
Malware Detection Using Machine Learning Techniques
Malware Detection Using Machine Learning TechniquesMalware Detection Using Machine Learning Techniques
Malware Detection Using Machine Learning Techniques
ArshadRaja786
 
Malwise-Malware Classification and Variant Extraction
Malwise-Malware Classification and Variant ExtractionMalwise-Malware Classification and Variant Extraction
Malwise-Malware Classification and Variant Extraction
IOSR Journals
 
Novel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data StructureNovel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data Structure
iosrjce
 
Agisa towards automatic generation of infection signatures
Agisa towards automatic generation of infection signaturesAgisa towards automatic generation of infection signatures
Agisa towards automatic generation of infection signatures
UltraUploader
 
Malware Dectection Using Machine learning
Malware Dectection Using Machine learningMalware Dectection Using Machine learning
Malware Dectection Using Machine learning
Shubham Dubey
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning Perspective
Chong-Kuan Chen
 
TriggerScope: Towards Detecting Logic Bombs in Android Applications
TriggerScope: Towards Detecting Logic Bombs in Android ApplicationsTriggerScope: Towards Detecting Logic Bombs in Android Applications
TriggerScope: Towards Detecting Logic Bombs in Android Applications
Pietro De Nicolao
 
A malware detection method for health sensor data based on machine learning
A malware detection method for health sensor data based on machine learningA malware detection method for health sensor data based on machine learning
A malware detection method for health sensor data based on machine learning
jaigera
 
Malware classification using Machine Learning
Malware classification using Machine LearningMalware classification using Machine Learning
Malware classification using Machine Learning
Japneet Singh
 
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection Techniques
Editor IJMTER
 
An email worm vaccine architecture
An email worm vaccine architectureAn email worm vaccine architecture
An email worm vaccine architecture
UltraUploader
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
Bhagyashri Chalakh
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
Shruthi Reddy
 
lisp (vs ruby) metaprogramming
lisp (vs ruby) metaprogramminglisp (vs ruby) metaprogramming
lisp (vs ruby) metaprogramming
Antonio Garrote Hernández
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet Flow
Antiy Labs
 
Virus detection system
Virus detection systemVirus detection system
Virus detection system
Akshay Surve
 

More Related Content

What's hot

Cryptovirology: Virus Approach
Cryptovirology: Virus ApproachCryptovirology: Virus Approach
Cryptovirology: Virus Approach
IJNSA Journal
 
Malware Analysis and Prediction System
Malware Analysis and Prediction SystemMalware Analysis and Prediction System
Malware Analysis and Prediction System
Azri Hafiz
 
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSA SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
IJNSA Journal
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039
Editor IJARCET
 
robust malware detection for iot devices using deep eigen space learning
robust malware detection for iot devices using deep eigen space learningrobust malware detection for iot devices using deep eigen space learning
robust malware detection for iot devices using deep eigen space learning
Venkat Projects
 
Agisa towards automatic generation of infection signatures
Agisa towards automatic generation of infection signaturesAgisa towards automatic generation of infection signatures
Agisa towards automatic generation of infection signatures
UltraUploader
 
An email worm vaccine architecture
An email worm vaccine architectureAn email worm vaccine architecture
An email worm vaccine architecture
UltraUploader
 

What's hot (19)

Cryptovirology: Virus Approach
Cryptovirology: Virus ApproachCryptovirology: Virus Approach
Cryptovirology: Virus Approach
 
Malware Analysis and Prediction System
Malware Analysis and Prediction SystemMalware Analysis and Prediction System
Malware Analysis and Prediction System
 
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLSA SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
A SURVEY ON MALWARE DETECTION AND ANALYSIS TOOLS
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039
 
robust malware detection for iot devices using deep eigen space learning
robust malware detection for iot devices using deep eigen space learningrobust malware detection for iot devices using deep eigen space learning
robust malware detection for iot devices using deep eigen space learning
 
IRJET- Android Malware Detection using Machine Learning
IRJET- Android Malware Detection using Machine LearningIRJET- Android Malware Detection using Machine Learning
IRJET- Android Malware Detection using Machine Learning
 
Malware Detection Using Machine Learning Techniques
Malware Detection Using Machine Learning TechniquesMalware Detection Using Machine Learning Techniques
Malware Detection Using Machine Learning Techniques
 
Malwise-Malware Classification and Variant Extraction
Malwise-Malware Classification and Variant ExtractionMalwise-Malware Classification and Variant Extraction
Malwise-Malware Classification and Variant Extraction
 
Novel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data StructureNovel Malware Clustering System Based on Kernel Data Structure
Novel Malware Clustering System Based on Kernel Data Structure
 
Agisa towards automatic generation of infection signatures
Agisa towards automatic generation of infection signaturesAgisa towards automatic generation of infection signatures
Agisa towards automatic generation of infection signatures
 
Malware Dectection Using Machine learning
Malware Dectection Using Machine learningMalware Dectection Using Machine learning
Malware Dectection Using Machine learning
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning Perspective
 
TriggerScope: Towards Detecting Logic Bombs in Android Applications
TriggerScope: Towards Detecting Logic Bombs in Android ApplicationsTriggerScope: Towards Detecting Logic Bombs in Android Applications
TriggerScope: Towards Detecting Logic Bombs in Android Applications
 
A malware detection method for health sensor data based on machine learning
A malware detection method for health sensor data based on machine learningA malware detection method for health sensor data based on machine learning
A malware detection method for health sensor data based on machine learning
 
Malware classification using Machine Learning
Malware classification using Machine LearningMalware classification using Machine Learning
Malware classification using Machine Learning
 
Survey on Malware Detection Techniques
Survey on Malware Detection TechniquesSurvey on Malware Detection Techniques
Survey on Malware Detection Techniques
 
An email worm vaccine architecture
An email worm vaccine architectureAn email worm vaccine architecture
An email worm vaccine architecture
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
 

Viewers also liked

Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet Flow
Antiy Labs
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection System
Antiy Labs
 
Virus detection and prevention
Virus detection and preventionVirus detection and prevention
Virus detection and prevention
Cholo Legisma
 
Knowledge representation in AI
Knowledge representation in AIKnowledge representation in AI
Knowledge representation in AI
Vishal Singh
 
artificial intelligence
artificial intelligenceartificial intelligence
artificial intelligence
vallibhargavi
 

Viewers also liked (16)

lisp (vs ruby) metaprogramming
lisp (vs ruby) metaprogramminglisp (vs ruby) metaprogramming
lisp (vs ruby) metaprogramming
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet Flow
 
Virus detection system
Virus detection systemVirus detection system
Virus detection system
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection System
 
Virus detection and prevention
Virus detection and preventionVirus detection and prevention
Virus detection and prevention
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
From Narrow AI to Artificial General Intelligence (AGI)
From Narrow AI to Artificial General Intelligence (AGI)From Narrow AI to Artificial General Intelligence (AGI)
From Narrow AI to Artificial General Intelligence (AGI)
 
Artificial Intelligence
Artificial Intelligence Artificial Intelligence
Artificial Intelligence
 
Knowledge representation in AI
Knowledge representation in AIKnowledge representation in AI
Knowledge representation in AI
 
Artificial neural network
Artificial neural networkArtificial neural network
Artificial neural network
 
Neural network & its applications
Neural network & its applications Neural network & its applications
Neural network & its applications
 
Artificial Intelligence
Artificial IntelligenceArtificial Intelligence
Artificial Intelligence
 
artificial intelligence
artificial intelligenceartificial intelligence
artificial intelligence
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple ppt
 
Introduction of Cloud computing
Introduction of Cloud computingIntroduction of Cloud computing
Introduction of Cloud computing
 

Similar to Artificial Intelligence in Virus Detection & Recognition

A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internet
UltraUploader
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
IJNSA Journal
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxMalware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docx
infantsuk
 
Presentation.pptx..................................
Presentation.pptx..................................Presentation.pptx..................................
Presentation.pptx..................................
Shivakrishnan18
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039
Editor IJARCET
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
IJNSA Journal
 
Basic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniquesBasic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniques
ijcsa
 
How Antivirus detects VIRUS
How Antivirus detects VIRUSHow Antivirus detects VIRUS
How Antivirus detects VIRUS
Satyam Sangal
 
Poly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docxPoly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docx
rtodd884
 
Analysis of virus algorithms
Analysis of virus algorithmsAnalysis of virus algorithms
Analysis of virus algorithms
UltraUploader
 

Similar to Artificial Intelligence in Virus Detection & Recognition (20)

Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer support
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer support
 
A generic virus detection agent on the internet
A generic virus detection agent on the internetA generic virus detection agent on the internet
A generic virus detection agent on the internet
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirus
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic Analysis
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
 
virus vs antivirus
virus vs antivirusvirus vs antivirus
virus vs antivirus
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
 
Malware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docxMalware Protection Week5Part4-IS Revision Fall2013 .docx
Malware Protection Week5Part4-IS Revision Fall2013 .docx
 
Presentation (1).pptx
Presentation (1).pptxPresentation (1).pptx
Presentation (1).pptx
 
Presentation.pptx..................................
Presentation.pptx..................................Presentation.pptx..................................
Presentation.pptx..................................
 
Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039Volume 2-issue-6-2037-2039
Volume 2-issue-6-2037-2039
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
 
Basic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniquesBasic survey on malware analysis, tools and techniques
Basic survey on malware analysis, tools and techniques
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
How Antivirus detects VIRUS
How Antivirus detects VIRUSHow Antivirus detects VIRUS
How Antivirus detects VIRUS
 
Malware1
Malware1Malware1
Malware1
 
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemSelf Evolving Antivirus Based on Neuro-Fuzzy Inference System
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System
 
Poly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docxPoly-meta-morphic malware looks different each time it is stored on di.docx
Poly-meta-morphic malware looks different each time it is stored on di.docx
 
Analysis of virus algorithms
Analysis of virus algorithmsAnalysis of virus algorithms
Analysis of virus algorithms
 

Recently uploaded

Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 

Recently uploaded (20)

fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 

Artificial Intelligence in Virus Detection & Recognition

  • 1. ARTIFICIAL INTELLIGENCE METHODS IN VIRUS DETECTION & RECOGNITION INTRODUCTION TO HEURISTIC SCANNING AHMAD ALI. A 09409002 S7 CSE
  • 2. PRESENTATION OUTLINE Introduction Fundamentals of malware Metaheuristics in Virus Detection & Recognition Heuristic scanning theory Lacks in specific detection Heuristic scanning conception Recognizing potential threat Coping with anti-heuristic mechanisms Towards accuracy improvement Summary
  • 3. MALWARE Malware (malicious software) is a software designed to infiltrate or damage a computer system without the owner's informed consent.
  • 4. MALWARE TYPES It is important to be aware that nevertheless all of them have similar purpose, each one behave differently. Viruses Worms Wabbits Trojan horses Exploits/Backdoors Rootkits Key loggers/Dialers Hoaxes
  • 5. INFECTION STRATEGIES Nonresident viruses: The simplest form of viruses which don't stay in memory, but infect founded executable file and search for another to replicate. Resident viruses: More complex and efficient type of viruses which stay in memory and hide their presence from other processes. Fast infectors: Type which is designed to infect as many files as possible. Slow infectors: Using stealth and encryption techniques to stay undetected outlast.
  • 6. Heuristic Heuristic is a method to solve a problem, commonly an informal method. It is particularly used to rapidly come to a solution that is reasonably close to the best possible answer, or 'optimal solution'... Metaheuristic Metaheuristic is a heuristic method which combines user- given black-box procedures in a hopefully efficient way. Metaheuristics are generally applied to problems for which there is no satisfactory problem-specific algorithm or heuristic.
  • 7. GENERAL METAHEURISTICS List below shows main metaheuristics used for virus detection and recognition: Pattern matching Automatic learning Environment emulation Neural networks Data mining Bayes networks Hidden Markov models and other...
  • 8. LACKS IN SPECIFIC DETECTION There are two basic methods to detect viruses - specific and generic. Why is generic detection gaining importance? There are four reasons: The number of viruses increases rapidly. The number of virus mutants increases. The development of polymorphic viruses. Viruses directed at a specific organization or company.
  • 9. Specific detection methods like signature scanning became very efficient ways of detecting known threats. Finding specific signature in code allows scanner to recognize every virus which signature has been stored in built-in database. BB ?2 B9 10 01 81 37 ?2 81 77 02 ?2 83 C3 04 E2 F2 FireFly virus signature(hexadecimal)
  • 10. Problem occurs when virus source is changed by a programmer or mutation engine. Signature is being malformed due to even minor changes. Virus may behave in an exactly same way but is undetectable due to new, unique signature. BB ?2 B9 10 01 81 37 ?2 81 A1 D3 ?2 01 C3 04 E2 F2 Malformed signature(hexadecimal)
  • 11. HEURISTIC SCANNING CONCEPTION Q: How to recognize a virus without any knowledge about its internal structure? A: By examining its behavior and characteristics.
  • 13. Heuristic scanning in its basic form is implementation of three metaheuristics: Pattern matching Automatic learning Environment emulation Of course modern solutions provide more functionalities but principle stays the same.
  • 14. The basic idea of heuristic scanning is to examine assembly language instruction sequences(step-by-step) If there are sequences behaving suspiciously, program can be qualified as a virus.
  • 15. RECOGNIZING POTENTIAL THREAT Singular suspicion is never a reason to trigger the alarm. But if the same program also tries to stay resident and contains routine to search for executables, it is highly probable that it's a real virus.
  • 16. HEURISTIC SCANNING AS ARTIFICIAL NEURON Figure: Single-layer classifier with threshold
  • 17. MALWARE EVOLVES Viruses started to use various stealth techniques. This allowed them to be invisible for traditional scanner. Moreover, most of them started using real-time encryption.
  • 18. Pattern matching is not enough Why not to create artificial runtime environment to let the virus do its job? Such approach found implementation in environment emulation engines, which became standard AV software weapon.
  • 19. VIRTUAL REALITY Anti-virus program provides a virtual machine with independent operating system and allows virus to perform its routines. Behavior and characteristics are being continuously examined, while virus is not aware that is working on a fake system. This leads to decryption routines and revealment of its true nature. Also stealth techniques are useless because whole VM is monitored by AV software.
  • 20. FALSE POSITIVES & AUTOMATIC LEARNING HS will blame innocent programs for being potential threats. Such behavior is called false positive. We must be aware that program is right when rising alarm, because scanned app posses suspicious sequences, we can't blame scanner for failure.
  • 21. Q: So what can be done to avoid false positives? A: Automatic learning!
  • 22. AVOIDING FALSE POSITIVES & IMPROVING ACCURACY Assume that machine is not infected. Combine scanning techniques Definition of (combinations of) suspicious abilities. Recognition of common program codes Recognition of specific programs
  • 23. WHAT CAN BE EXPECTED FROM IT IN THE FUTURE? The Development Continues Most anti-virus developers still do not supply a ready-to-use heuristic analyzer. Those who have heuristics already available are still improving it.
  • 24. SUMMARY Basically HS is inherited from combination of pattern matching, automatic learning and environment emulation metaheuristics. As a heuristic method it's not 100% effective. So why do we apply HS? Pros Can detect 'future' threats User is less dependent on product update Improves conventional scanning results Cons False positives Making decision after alarm requires knowledge
  • 25. REFERENCES Data mining methods for detection of new malicious executable-MATHEW.G CHU LTZ Heuristics scanner for Artificial Intelligence- RIGHARD ZWIENEN DERG Heuristics Antivirus technology- FRANSVELDSMAN
  • 26. Why?... Questions ? What if?...