A Comparative Study of Virus Detection Techniques

The growing number of computer viruses and the detection of zero-day malware have concerned security researchers for a long time. Existing antivirus products (AVs) rely on detecting virus signatures, which does not fully solve the problems these viruses pose. Modelling the behaviour of viruses with logic formulae is one of the most promising recent developments in virus research and offers an alternative to classic virus detection methods. In this paper, we present a comparative study of different virus detection techniques, describing the advantages and drawbacks of each. These techniques are then used to discuss which is more effective at detecting computer viruses.
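An added illustration, not from the paper, of the contrast the abstract draws: a byte-signature scanner misses a slightly altered sample, while a behaviour rule evaluated over a constructed trace of file events (a simple "read own image, then write it into another executable" pattern standing in for the paper's logic formulae) flags the process regardless of its bytes. The signature, file paths and sizes are all constructed.

```python
# Added illustration: byte-signature matching versus a behaviour rule over an event trace.
from dataclasses import dataclass

# Constructed signature standing in for an AV signature database entry.
KNOWN_SIGNATURE = b"\x4d\x5a\x90\x00SAMPLE-SIG"

def signature_match(image: bytes, signatures=(KNOWN_SIGNATURE,)) -> bool:
    """Classic detection: flag only if a known byte pattern occurs in the file image."""
    return any(sig in image for sig in signatures)

@dataclass(frozen=True)
class Event:
    pid: int
    op: str      # "read" or "write"
    path: str
    size: int

def behaviour_self_replication(trace, self_path: dict) -> set:
    """Behaviour rule (constructed, not the paper's formulae): a process reads its own
    executable image and later writes at least that much data into another .exe file.
    Returns the set of offending pids."""
    flagged = set()
    read_sizes = {}   # pid -> bytes read from its own image so far
    for ev in trace:
        own = self_path.get(ev.pid)
        if ev.op == "read" and ev.path == own:
            read_sizes[ev.pid] = read_sizes.get(ev.pid, 0) + ev.size
        elif ev.op == "write" and ev.path != own and ev.path.endswith(".exe"):
            if read_sizes.get(ev.pid, 0) >= ev.size > 0:
                flagged.add(ev.pid)
    return flagged

# Constructed sample data: a known image, a variant with one byte changed, and a trace in
# which pid 100 copies its own image into another executable while pid 200 is benign.
KNOWN_IMAGE = b"junk" + KNOWN_SIGNATURE + b"junk"
VARIANT_IMAGE = b"junk" + KNOWN_SIGNATURE.replace(b"SIG", b"S1G") + b"junk"
TRACE = [
    Event(100, "read", r"C:\tmp\variant.exe", 4096),
    Event(100, "write", r"C:\Program Files\app\host.exe", 4096),
    Event(200, "read", r"C:\Users\a\report.docx", 2048),
    Event(200, "write", r"C:\Users\a\backup.docx", 2048),
]
SELF_PATHS = {100: r"C:\tmp\variant.exe", 200: r"C:\Windows\explorer.exe"}

def compare() -> dict:
    """Run both detectors on the constructed inputs and return their verdicts."""
    return {
        "signature_known": signature_match(KNOWN_IMAGE),        # True
        "signature_variant": signature_match(VARIANT_IMAGE),    # False: signature evaded
        "behaviour_flagged": behaviour_self_replication(TRACE, SELF_PATHS),  # {100}
    }
```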