An Unknown Malware Detection Using Execution Registry Access

Kento Kono; Sanouphab Phomkeona; Koji Okamura

doi:10.1109/COMPSAC.2018.10281

An Unknown Malware Detection Using Execution Registry Access

Kento Kono, Sanouphab Phomkeona, Koji Okamura

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Traditional antivirus software is using virus definition to identify malware infection. In addition, antivirus needs to update the new virus definitions to guarantee its detection accuracy. However, due to the number of malware variants and new types of them are increase, it is very difficult to detect and respond them all. Moreover, there will be a serious incident if an unknown malware that did not correspond to the data definition had installed and expanded the infection without any notification. Therefore, in this paper we proposed a method to detect malware infection focus on registry accesses and malware execution processes based on Windows OS host pc. By using URSNIF banking spyware in experiments, we calculated its high failure rate of registry accesses as well as checked on specific access to confirmed the detection result.

Original language	English
Title of host publication	Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018
Editors	Claudio Demartini, Sorel Reisman, Ling Liu, Edmundo Tovar, Hiroki Takakura, Ji-Jiang Yang, Chung-Horng Lung, Sheikh Iqbal Ahamed, Kamrul Hasan, Thomas Conte, Motonori Nakamura, Zhiyong Zhang, Toyokazu Akiyama, William Claycomb, Stelvio Cimato
Publisher	IEEE Computer Society
Pages	487-491
Number of pages	5
ISBN (Electronic)	9781538626665
DOIs	https://doi.org/10.1109/COMPSAC.2018.10281
Publication status	Published - Jun 8 2018
Event	42nd IEEE Computer Software and Applications Conference, COMPSAC 2018 - Tokyo, Japan Duration: Jul 23 2018 → Jul 27 2018

Publication series

Name	Proceedings - International Computer Software and Applications Conference
Volume	2
ISSN (Print)	0730-3157

Other

Other	42nd IEEE Computer Software and Applications Conference, COMPSAC 2018
Country/Territory	Japan
City	Tokyo
Period	7/23/18 → 7/27/18

All Science Journal Classification (ASJC) codes

Software
Computer Science Applications

Access to Document

10.1109/COMPSAC.2018.10281

Cite this

Kono, K., Phomkeona, S., & Okamura, K. (2018). An Unknown Malware Detection Using Execution Registry Access. In C. Demartini, S. Reisman, L. Liu, E. Tovar, H. Takakura, J-J. Yang, C-H. Lung, S. I. Ahamed, K. Hasan, T. Conte, M. Nakamura, Z. Zhang, T. Akiyama, W. Claycomb, & S. Cimato (Eds.), Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018 (pp. 487-491). Article 8377909 (Proceedings - International Computer Software and Applications Conference; Vol. 2). IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2018.10281

An Unknown Malware Detection Using Execution Registry Access. / Kono, Kento; Phomkeona, Sanouphab; Okamura, Koji.
Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018. ed. / Claudio Demartini; Sorel Reisman; Ling Liu; Edmundo Tovar; Hiroki Takakura; Ji-Jiang Yang; Chung-Horng Lung; Sheikh Iqbal Ahamed; Kamrul Hasan; Thomas Conte; Motonori Nakamura; Zhiyong Zhang; Toyokazu Akiyama; William Claycomb; Stelvio Cimato. IEEE Computer Society, 2018. p. 487-491 8377909 (Proceedings - International Computer Software and Applications Conference; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kono, K, Phomkeona, S & Okamura, K 2018, An Unknown Malware Detection Using Execution Registry Access. in C Demartini, S Reisman, L Liu, E Tovar, H Takakura, J-J Yang, C-H Lung, SI Ahamed, K Hasan, T Conte, M Nakamura, Z Zhang, T Akiyama, W Claycomb & S Cimato (eds), Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018., 8377909, Proceedings - International Computer Software and Applications Conference, vol. 2, IEEE Computer Society, pp. 487-491, 42nd IEEE Computer Software and Applications Conference, COMPSAC 2018, Tokyo, Japan, 7/23/18. https://doi.org/10.1109/COMPSAC.2018.10281

Kono K, Phomkeona S, Okamura K. An Unknown Malware Detection Using Execution Registry Access. In Demartini C, Reisman S, Liu L, Tovar E, Takakura H, Yang J-J, Lung C-H, Ahamed SI, Hasan K, Conte T, Nakamura M, Zhang Z, Akiyama T, Claycomb W, Cimato S, editors, Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018. IEEE Computer Society. 2018. p. 487-491. 8377909. (Proceedings - International Computer Software and Applications Conference). doi: 10.1109/COMPSAC.2018.10281

Kono, Kento ; Phomkeona, Sanouphab ; Okamura, Koji. / An Unknown Malware Detection Using Execution Registry Access. Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018. editor / Claudio Demartini ; Sorel Reisman ; Ling Liu ; Edmundo Tovar ; Hiroki Takakura ; Ji-Jiang Yang ; Chung-Horng Lung ; Sheikh Iqbal Ahamed ; Kamrul Hasan ; Thomas Conte ; Motonori Nakamura ; Zhiyong Zhang ; Toyokazu Akiyama ; William Claycomb ; Stelvio Cimato. IEEE Computer Society, 2018. pp. 487-491 (Proceedings - International Computer Software and Applications Conference).

@inproceedings{fac40d7618ee4eaabb92e744c4b47fa8,

title = "An Unknown Malware Detection Using Execution Registry Access",

abstract = "Traditional antivirus software is using virus definition to identify malware infection. In addition, antivirus needs to update the new virus definitions to guarantee its detection accuracy. However, due to the number of malware variants and new types of them are increase, it is very difficult to detect and respond them all. Moreover, there will be a serious incident if an unknown malware that did not correspond to the data definition had installed and expanded the infection without any notification. Therefore, in this paper we proposed a method to detect malware infection focus on registry accesses and malware execution processes based on Windows OS host pc. By using URSNIF banking spyware in experiments, we calculated its high failure rate of registry accesses as well as checked on specific access to confirmed the detection result.",

author = "Kento Kono and Sanouphab Phomkeona and Koji Okamura",

note = "Funding Information: ACKNOWLEDGMENT This research was supported by Strategic International Research Cooperative Program, Japan Science and Technology Agency (JST) and JSPS KAKENHI Grant Number JP16K004-80.; 42nd IEEE Computer Software and Applications Conference, COMPSAC 2018 ; Conference date: 23-07-2018 Through 27-07-2018",

year = "2018",

month = jun,

day = "8",

doi = "10.1109/COMPSAC.2018.10281",

language = "English",

series = "Proceedings - International Computer Software and Applications Conference",

publisher = "IEEE Computer Society",

pages = "487--491",

editor = "Claudio Demartini and Sorel Reisman and Ling Liu and Edmundo Tovar and Hiroki Takakura and Ji-Jiang Yang and Chung-Horng Lung and Ahamed, {Sheikh Iqbal} and Kamrul Hasan and Thomas Conte and Motonori Nakamura and Zhiyong Zhang and Toyokazu Akiyama and William Claycomb and Stelvio Cimato",

booktitle = "Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018",

address = "United States",

}

TY - GEN

T1 - An Unknown Malware Detection Using Execution Registry Access

AU - Kono, Kento

AU - Phomkeona, Sanouphab

AU - Okamura, Koji

N1 - Funding Information: ACKNOWLEDGMENT This research was supported by Strategic International Research Cooperative Program, Japan Science and Technology Agency (JST) and JSPS KAKENHI Grant Number JP16K004-80.

PY - 2018/6/8

Y1 - 2018/6/8

N2 - Traditional antivirus software is using virus definition to identify malware infection. In addition, antivirus needs to update the new virus definitions to guarantee its detection accuracy. However, due to the number of malware variants and new types of them are increase, it is very difficult to detect and respond them all. Moreover, there will be a serious incident if an unknown malware that did not correspond to the data definition had installed and expanded the infection without any notification. Therefore, in this paper we proposed a method to detect malware infection focus on registry accesses and malware execution processes based on Windows OS host pc. By using URSNIF banking spyware in experiments, we calculated its high failure rate of registry accesses as well as checked on specific access to confirmed the detection result.

AB - Traditional antivirus software is using virus definition to identify malware infection. In addition, antivirus needs to update the new virus definitions to guarantee its detection accuracy. However, due to the number of malware variants and new types of them are increase, it is very difficult to detect and respond them all. Moreover, there will be a serious incident if an unknown malware that did not correspond to the data definition had installed and expanded the infection without any notification. Therefore, in this paper we proposed a method to detect malware infection focus on registry accesses and malware execution processes based on Windows OS host pc. By using URSNIF banking spyware in experiments, we calculated its high failure rate of registry accesses as well as checked on specific access to confirmed the detection result.

UR - http://www.scopus.com/inward/record.url?scp=85055556055&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055556055&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2018.10281

DO - 10.1109/COMPSAC.2018.10281

M3 - Conference contribution

AN - SCOPUS:85055556055

T3 - Proceedings - International Computer Software and Applications Conference

SP - 487

EP - 491

BT - Proceedings - 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018

A2 - Demartini, Claudio

A2 - Reisman, Sorel

A2 - Liu, Ling

A2 - Tovar, Edmundo

A2 - Takakura, Hiroki

A2 - Yang, Ji-Jiang

A2 - Lung, Chung-Horng

A2 - Ahamed, Sheikh Iqbal

A2 - Hasan, Kamrul

A2 - Conte, Thomas

A2 - Nakamura, Motonori

A2 - Zhang, Zhiyong

A2 - Akiyama, Toyokazu

A2 - Claycomb, William

A2 - Cimato, Stelvio

PB - IEEE Computer Society

T2 - 42nd IEEE Computer Software and Applications Conference, COMPSAC 2018

Y2 - 23 July 2018 through 27 July 2018

ER -

An Unknown Malware Detection Using Execution Registry Access

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this