ARTIFICIAL INTELLIGENCE METHODS IN VIRUS DETECTION & RECOGNITION
INTRODUCTION TO HEURISTIC SCANNING

AHMAD ALI. A
09409002
S7 CSE
PRESENTATION OUTLINE
 Introduction
   Fundamentals of malware
   Metaheuristics in Virus Detection & Recognition
 Heuristic scanning theory
   Shortcomings of specific detection
   Heuristic scanning conception
   Recognizing potential threat
   Coping with anti-heuristic mechanisms
   Towards accuracy improvement
 Summary
MALWARE

Malware (malicious software) is software designed to infiltrate or damage a
computer system without the owner's informed consent.
MALWARE TYPES

 Although all of them share a similar purpose, each type behaves differently:
  Viruses
  Worms
  Wabbits
  Trojan horses
  Exploits/Backdoors
  Rootkits
  Key loggers/Dialers
  Hoaxes
INFECTION STRATEGIES
 Nonresident viruses: The simplest form. They do not stay in memory; when
 run, they infect an executable file they find and search for another one to
 replicate into.

 Resident viruses: A more complex and efficient type. They stay in memory and
 hide their presence from other processes.
   Fast infectors: designed to infect as many files as possible, as quickly
   as possible.
   Slow infectors: use stealth and encryption techniques to stay undetected
   for as long as possible.
Heuristic
A heuristic is a method of solving a problem, usually an informal one, used
to arrive quickly at a solution that is reasonably close to the best possible
answer (the 'optimal solution') without guaranteeing it.

Metaheuristic
A metaheuristic is a heuristic method that combines user-supplied black-box
procedures in a hopefully efficient way. Metaheuristics are generally applied
to problems for which no satisfactory problem-specific algorithm or heuristic
exists.
GENERAL METAHEURISTICS
The list below shows the main metaheuristics used in virus detection and
recognition:
   Pattern matching
   Automatic learning
   Environment emulation
   Neural networks
   Data mining
   Bayes networks
   Hidden Markov models
   and other...
SHORTCOMINGS OF SPECIFIC DETECTION

There are two basic methods of detecting viruses: specific and generic.

Why is generic detection gaining importance? There are four reasons:
  The number of viruses increases rapidly.
  The number of virus mutants (variants of known viruses) increases.
  The development of polymorphic viruses.
  Viruses directed at a specific organization or company, which may never
  reach the signature databases.
Specific detection methods like signature scanning have become very efficient
ways of detecting known threats.

Finding a specific signature in code allows the scanner to recognize every
virus whose signature has been stored in its built-in database.

BB ?2 B9 10 01 81 37 ?2 81 77 02 ?2 83 C3 04 E2 F2
           FireFly virus signature (hexadecimal; '?2' stands for two
           arbitrary bytes)

The problem occurs when the virus code is changed by a programmer or by a
mutation engine.

Even minor changes malform the signature.

The virus may behave in exactly the same way but is undetectable because it
now has a new, unique signature:

BB ?2 B9 10 01 81 37 ?2 81 A1 D3 ?2 01 C3 04 E2 F2
           Malformed signature (hexadecimal)
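The following is an added example, not code from the presentation or from any anti-virus product: a small wildcard signature scanner that runs the FireFly pattern from the slide over two constructed byte buffers. The bytes filling the wildcard positions are made up, and the 'mutated' buffer is a hand-made reordering of two independent instructions. Read as 16-bit x86, the pattern is a small XOR decryption loop, which is why its shape is so characteristic.

```python
"""Wildcard signature scanning, as on the FireFly slides.

Signature tokens are hex bytes or '?N' for N arbitrary bytes (the slide's
notation). Everything else here is constructed for this example: the bytes
filling the wildcard positions are made up, the scanner is not any real
product's code, and the 'mutated' buffer is a hand-made instruction swap.
"""
import re

# From the slide. Read as 16-bit x86 it is a small XOR decryption loop:
#   BB iw        mov  bx, imm16        ; start of encrypted body
#   B9 10 01     mov  cx, 0110h        ; 272 rounds
#   81 37 iw     xor  word [bx], imm16
#   81 77 02 iw  xor  word [bx+2], imm16
#   83 C3 04     add  bx, 4
#   E2 F2        loop -14 (back to the first xor)
FIREFLY_SIG = "BB ?2 B9 10 01 81 37 ?2 81 77 02 ?2 83 C3 04 E2 F2"


def compile_signature(sig: str) -> re.Pattern:
    """Translate a wildcard signature into a regex over raw bytes."""
    parts = []
    for tok in sig.split():
        if tok.startswith("?"):
            parts.append(b".{%d}" % int(tok[1:]))      # N arbitrary bytes
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(buf: bytes, signatures: dict) -> list:
    """Return (name, offset) for every signature found in buf."""
    hits = []
    for name, sig in signatures.items():
        m = compile_signature(sig).search(buf)
        if m:
            hits.append((name, m.start()))
    return hits


SIGNATURES = {"FireFly": FIREFLY_SIG}

# Constructed sample: the decryptor with the wildcard bytes filled in with
# arbitrary values (00 01 / 34 12 / 78 56), wrapped in two NOPs and a RET.
ORIGINAL = bytes.fromhex(
    "90 90 BB 00 01 B9 10 01 81 37 34 12 81 77 02 78 56 83 C3 04 E2 F2 C3")

# The same loop after a mutation engine swaps the two independent MOVs.
# It still decrypts exactly the same bytes, but the signature no longer fits.
MUTATED = bytes.fromhex(
    "90 90 B9 10 01 BB 00 01 81 37 34 12 81 77 02 78 56 83 C3 04 E2 F2 C3")

if __name__ == "__main__":
    print("original:", scan(ORIGINAL, SIGNATURES))   # [('FireFly', 2)]
    print("mutated: ", scan(MUTATED, SIGNATURES))    # []
```

The reordered buffer decrypts exactly the same bytes, yet the scanner finds nothing. That is the whole case for looking at what code does rather than what it looks like.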
HEURISTIC SCANNING CONCEPTION

  Q: How to recognize a virus without any knowledge about its internal
  structure?

  A: By examining its behaviour and characteristics.
FIGURE: VIRUS EVOLUTION CHAIN
Heuristic scanning in its basic form is an implementation of three
metaheuristics:

  Pattern matching
  Automatic learning
  Environment emulation

Of course modern solutions provide more functionality, but the principle
stays the same.
The basic idea of heuristic scanning is to examine the program's assembly
language instruction sequences step by step.

If enough sequences behave suspiciously, the program can be classified as a
probable virus.
RECOGNIZING POTENTIAL THREAT

 A single suspicion is never a reason to trigger the alarm: many legitimate
 programs contain one suspicious-looking routine.

 But if the same program also tries to stay resident and contains a routine
 that searches for executables, it is highly probable that it is a real
 virus.
HEURISTIC SCANNING AS AN ARTIFICIAL NEURON

  Figure: Single-layer classifier with threshold. Each suspicious ability is
  an input, each input has a weight, the weighted inputs are summed, and the
  alarm fires only when the sum exceeds the threshold.
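An added example of the threshold classifier, not code from the presentation or from any real scanner: a handful of constructed heuristic flags, each a byte pattern that an old-style DOS scanner could look for, combined with hand-picked weights and a threshold. The flag letters, weights, threshold and sample buffers are assumptions made here; the DOS interrupt function numbers in the patterns are real.

```python
"""Heuristic flags combined by a threshold, the 'artificial neuron' of the
slide: each suspicious ability is an input x_i in {0,1} with a weight w_i,
the score is sum(w_i * x_i) and the alarm fires only above a threshold.

Flag letters, weights, threshold and the sample buffers are constructed for
this example and are not taken from any real scanner. The DOS INT 21h
function numbers in the patterns are real (AH=4Eh find first file, AH=31h
keep process resident, AX=3D02h open read/write, AH=40h write to handle);
INT 27h is the older terminate-and-stay-resident call.
"""
import re

# (flag, weight, meaning, byte pattern as seen in 16-bit DOS code)
FLAGS = [
    ("S", 2, "searches for executables",
     re.compile(rb"\*\.(COM|EXE)|\xB4\x4E\xCD\x21", re.DOTALL)),
    ("M", 2, "tries to stay resident",
     re.compile(rb"\xB4\x31\xCD\x21|\xCD\x27", re.DOTALL)),
    ("O", 1, "opens a file read/write",
     re.compile(rb"\xB8\x02\x3D\xCD\x21", re.DOTALL)),
    ("D", 1, "writes to a file",
     re.compile(rb"\xB4\x40\xCD\x21", re.DOTALL)),
    ("#", 3, "decryption loop: xor to memory inside a backward loop",
     re.compile(rb"\x81[\x30-\x37].{2}.{0,14}?\xE2[\x80-\xFF]", re.DOTALL)),
]
THRESHOLD = 3


def score(buf: bytes) -> dict:
    """Weighted sum of the flags present. The alarm needs the threshold AND
    at least two different flags, because a single suspicion is never enough."""
    hits = [(flag, weight) for flag, weight, _, pat in FLAGS if pat.search(buf)]
    total = sum(weight for _, weight in hits)
    return {
        "flags": "".join(sorted(flag for flag, _ in hits)),
        "score": total,
        "alarm": total >= THRESHOLD and len(hits) >= 2,
    }


# Constructed samples: hand-assembled 8086 fragments plus data strings.
VIRUS_LIKE = bytes.fromhex(
    "B4 4E CD 21"          # mov ah,4Eh / int 21h    find first file
    "2A 2E 43 4F 4D 00"    # "*.COM\0"
    "B8 02 3D CD 21"       # mov ax,3D02h / int 21h  open read/write
    "B4 40 CD 21"          # mov ah,40h / int 21h    write
    "B4 31 CD 21")         # mov ah,31h / int 21h    stay resident
INSTALLER_LIKE = bytes.fromhex("B8 02 3D CD 21 B4 40 CD 21") + b"setup.dat\0"
TSR_CLOCK = bytes.fromhex("B4 31 CD 21") + b"clock driver\0"
PACKED_ONLY = bytes.fromhex("81 37 34 12 83 C3 02 E2 F9") + b"packed data\0"

if __name__ == "__main__":
    for name, buf in [("virus-like", VIRUS_LIKE), ("installer", INSTALLER_LIKE),
                      ("tsr clock", TSR_CLOCK), ("packed only", PACKED_ONLY)]:
        print(f"{name:12s} {score(buf)}")
```

The installer writes files and the clock utility stays resident, but each shows one or two weak flags and stays below the line; the packed buffer carries the heaviest single flag yet is still not reported, because one flag alone never fires. Only the buffer that combines searching, writing and staying resident trips the alarm.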
MALWARE EVOLVES

Viruses started to use various stealth techniques.

This allowed them to be invisible to a traditional scanner.

Moreover, most of them started to encrypt their body, decrypting it only at
run time, so the code on disk shows no constant signature.
Pattern matching is not enough

 Why not create an artificial runtime environment and let the virus do its
 job?

 This approach is implemented in environment emulation engines, which have
 become a standard weapon of AV software.
VIRTUAL REALITY

The anti-virus program provides a virtual machine with an emulated processor
and operating system and lets the virus perform its routines there.

Its behaviour and characteristics are examined continuously, while the virus
is not aware that it is running on a fake system.

The virus runs its own decryption routine and so reveals its true nature.
Stealth techniques are useless too, because the whole VM is monitored by the
AV software.

The emulator must, however, also cope with code written against it: it stops
at instructions it does not implement, and it has a finite instruction budget
that a long enough loop can exhaust before the decrypted body appears.
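An added example of environment emulation, not code from the presentation or from any AV engine: a tiny interpreter for the handful of instructions that make up a FireFly-style decryptor, run over a constructed memory image whose payload, keys and layout are made up here. A marker string in the payload is invisible to a static scan of the image and visible after the loop has been emulated; the interpreter also shows the two practical limits just mentioned, an unknown opcode and a step budget.

```python
"""Environment emulation in miniature.

A constructed 16-bit x86 interpreter that knows only the instructions of a
simple XOR decryption loop (the shape of the FireFly decryptor on the
earlier slide). The code runs inside a private byte array, never on the real
CPU, and afterwards the decrypted body can be inspected. The opcode encodings
are standard x86; the sample payload, keys and layout are made up for this
example and are not from any real virus or scanner.
"""
import struct

BODY_OFFSET = 0x20          # where the encrypted body is placed in memory


def xor_encrypt(body: bytes, key1: int, key2: int) -> bytes:
    """Inverse of the decryptor: per 4-byte round, word 0 ^ key1, word 1 ^ key2."""
    padded = body + b"\0" * (-len(body) % 4)
    out = bytearray()
    for off in range(0, len(padded), 4):
        w0, w1 = struct.unpack_from("<HH", padded, off)
        out += struct.pack("<HH", w0 ^ key1, w1 ^ key2)
    return bytes(out)


def build_sample(body: bytes, key1: int = 0x1234, key2: int = 0x5678) -> bytearray:
    """Decryptor at offset 0, encrypted body at BODY_OFFSET, in a 64 KiB image."""
    enc = xor_encrypt(body, key1, key2)
    code = (b"\xBB" + struct.pack("<H", BODY_OFFSET)      # mov bx, BODY_OFFSET
            + b"\xB9" + struct.pack("<H", len(enc) // 4)  # mov cx, rounds
            + b"\x81\x37" + struct.pack("<H", key1)       # xor word [bx], key1
            + b"\x81\x77\x02" + struct.pack("<H", key2)   # xor word [bx+2], key2
            + b"\x83\xC3\x04"                             # add bx, 4
            + b"\xE2\xF2"                                 # loop -14 (first xor)
            + b"\xC3")                                    # ret
    mem = bytearray(0x10000)
    mem[0:len(code)] = code
    mem[BODY_OFFSET:BODY_OFFSET + len(enc)] = enc
    return mem


def emulate(mem: bytearray, max_steps: int = 100_000) -> dict:
    """Run from offset 0 until RET, an unknown opcode or the step budget."""
    bx = cx = ip = 0
    rd16 = lambda a: struct.unpack_from("<H", mem, a & 0xFFFF)[0]
    wr16 = lambda a, v: struct.pack_into("<H", mem, a & 0xFFFF, v & 0xFFFF)
    s8 = lambda b: b - 0x100 if b >= 0x80 else b       # sign-extend a byte
    for step in range(max_steps):
        op = mem[ip]
        if op == 0xBB:                                   # mov bx, imm16
            bx, ip = rd16(ip + 1), ip + 3
        elif op == 0xB9:                                 # mov cx, imm16
            cx, ip = rd16(ip + 1), ip + 3
        elif op == 0x81 and mem[ip + 1] == 0x37:         # xor word [bx], imm16
            wr16(bx, rd16(bx) ^ rd16(ip + 2)); ip += 4
        elif op == 0x81 and mem[ip + 1] == 0x77:         # xor word [bx+disp8], imm16
            addr = bx + s8(mem[ip + 2])
            wr16(addr, rd16(addr) ^ rd16(ip + 3)); ip += 5
        elif op == 0x83 and mem[ip + 1] == 0xC3:         # add bx, imm8 (sign-extended)
            bx = (bx + s8(mem[ip + 2])) & 0xFFFF; ip += 3
        elif op == 0xE2:                                 # loop rel8: cx -= 1, jump if cx != 0
            rel, ip = s8(mem[ip + 1]), ip + 2
            cx = (cx - 1) & 0xFFFF
            if cx:
                ip += rel
        elif op == 0xC3:                                 # ret: program finished
            return {"status": "ret", "steps": step + 1, "bx": bx, "cx": cx}
        else:                                            # anti-emulation trick or just unsupported
            return {"status": "unknown opcode %02X" % op, "steps": step, "bx": bx, "cx": cx}
    return {"status": "budget exhausted", "steps": max_steps, "bx": bx, "cx": cx}


def analyze(mem: bytearray, marker: bytes = b"*.COM") -> dict:
    """What a static scan of the image sees versus what is visible after emulation."""
    before = marker in mem
    result = emulate(mem)
    return {"visible_before": before, "visible_after": marker in mem,
            "status": result["status"], "steps": result["steps"]}


SAMPLE_BODY = b"payload: search for *.COM and *.EXE files"   # constructed payload

if __name__ == "__main__":
    print(analyze(build_sample(SAMPLE_BODY)))
```

Before emulation the image contains neither the marker string nor anything a pattern scanner could key on beyond the decryptor itself; after 47 emulated instructions the plain payload sits at BODY_OFFSET and any of the earlier techniques can be applied to it.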
FALSE POSITIVES & AUTOMATIC LEARNING

HS will sometimes blame innocent programs for being potential threats. Such
behaviour is called a false positive.

We must be aware that the scanner is right to raise the alarm, because the
scanned application really does contain suspicious sequences; we can't blame
the scanner for failure.
Q: So what can be done to avoid false positives?

A: Automatic learning!
AVOIDING FALSE POSITIVES & IMPROVING ACCURACY

Assume that the machine is not infected, so that what the scanner sees while
learning is legitimate software.
Combine scanning techniques.
Define (combinations of) suspicious abilities rather than single ones.
Recognize common program code, such as standard run-time library routines.
Recognize specific well-known programs.
WHAT CAN BE EXPECTED FROM IT IN THE FUTURE?

The development continues.

Most anti-virus developers still do not supply a ready-to-use heuristic
analyzer.

Those who already have heuristics available are still improving them.
SUMMARY
HS combines the pattern matching, automatic learning and environment
emulation metaheuristics. As a heuristic method it is not 100% effective. So
why do we apply HS?

Pros
 Can detect 'future' (not yet known) threats
 User is less dependent on product updates
 Improves conventional scanning results

Cons
 False positives
 Deciding what to do after an alarm requires expertise
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 

Artificial Intelligence in Virus Detection & Recognition

  • 1. ARTIFICIAL INTELLIGENCE METHODS IN VIRUS DETECTION & RECOGNITION INTRODUCTION TO HEURISTIC SCANNING AHMAD ALI. A 09409002 S7 CSE
  • 2. PRESENTATION OUTLINE Introduction Fundamentals of malware Metaheuristics in Virus Detection & Recognition Heuristic scanning theory Lacks in specific detection Heuristic scanning conception Recognizing potential threat Coping with anti-heuristic mechanisms Towards accuracy improvement Summary
  • 3. MALWARE Malware (malicious software) is software designed to infiltrate or damage a computer system without the owner's informed consent.
  • 4. MALWARE TYPES It is important to be aware that, although all of them have a similar purpose, each one behaves differently: Viruses, Worms, Wabbits, Trojan horses, Exploits/Backdoors, Rootkits, Key loggers/Dialers, Hoaxes.
  • 5. INFECTION STRATEGIES Nonresident viruses: The simplest form of virus, which does not stay in memory but infects an executable file it finds and then searches for another to replicate into. Resident viruses: A more complex and efficient type of virus which stays in memory and hides its presence from other processes. Fast infectors: A type designed to infect as many files as possible. Slow infectors: Use stealth and encryption techniques to stay undetected for as long as possible.
  • 6. Heuristic A heuristic is a method to solve a problem, commonly an informal method. It is particularly used to rapidly come to a solution that is reasonably close to the best possible answer, or 'optimal solution'... Metaheuristic A metaheuristic is a heuristic method which combines user-given black-box procedures in a hopefully efficient way. Metaheuristics are generally applied to problems for which there is no satisfactory problem-specific algorithm or heuristic.
  • 7. GENERAL METAHEURISTICS The list below shows the main metaheuristics used for virus detection and recognition: Pattern matching, Automatic learning, Environment emulation, Neural networks, Data mining, Bayes networks, Hidden Markov models and others...
  • 8. LACKS IN SPECIFIC DETECTION There are two basic methods to detect viruses: specific and generic. Why is generic detection gaining importance? There are four reasons: The number of viruses increases rapidly. The number of virus mutants increases. The development of polymorphic viruses. Viruses directed at a specific organization or company.
  • 9. Specific detection methods like signature scanning became very efficient ways of detecting known threats. Finding a specific signature in code allows the scanner to recognize every virus whose signature has been stored in its built-in database. BB ?2 B9 10 01 81 37 ?2 81 77 02 ?2 83 C3 04 E2 F2 FireFly virus signature (hexadecimal)
  • 10. The problem occurs when the virus source is changed by a programmer or a mutation engine. Even minor changes malform the signature. The virus may behave in exactly the same way but is undetectable due to its new, unique signature. BB ?2 B9 10 01 81 37 ?2 81 A1 D3 ?2 01 C3 04 E2 F2 Malformed signature (hexadecimal)
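The signature comparison on slides 9 and 10, as an added Python example (not code from the presentation or from any anti-virus product). It uses the FireFly signature and the malformed variant quoted on the slides. The slides do not define the `?2` notation, so the parser assumes that a token `?N` stands for N wildcard bytes that match anything (a bare `?` or `??` is taken as one byte). The two byte strings scanned are constructed here from the signatures themselves, with wildcard positions filled by an arbitrary byte, purely so the example runs offline; the three changed bytes in the malformed form are enough to defeat the exact match, which is the point the slide makes.

```python
from typing import Dict, List, Optional

# Signature "database" for the example: the FireFly signature quoted on slide 9 and the
# malformed form from slide 10. Notation assumption: "?N" = N wildcard bytes.
SIGNATURE_DB: Dict[str, str] = {
    "FireFly": "BB ?2 B9 10 01 81 37 ?2 81 77 02 ?2 83 C3 04 E2 F2",
}
MUTATED_FIREFLY = "BB ?2 B9 10 01 81 37 ?2 81 A1 D3 ?2 01 C3 04 E2 F2"


def parse_signature(sig: str) -> List[Optional[int]]:
    """Parse a space-separated hex signature into byte values; None marks a wildcard byte."""
    pattern: List[Optional[int]] = []
    for tok in sig.split():
        if tok.startswith("?"):
            # "?2" -> two wildcard bytes (assumed meaning); a bare "?" or "??" -> one byte
            count = int(tok[1:]) if tok[1:].isdigit() else 1
            pattern.extend([None] * count)
        else:
            pattern.append(int(tok, 16))
    return pattern


def find_signature(data: bytes, pattern: List[Optional[int]]) -> int:
    """Return the offset of the first match of `pattern` in `data`, or -1 if it is absent."""
    n = len(pattern)
    for off in range(len(data) - n + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            return off
    return -1


def scan(data: bytes, db: Dict[str, str] = SIGNATURE_DB) -> Optional[str]:
    """Specific detection: name of the first database signature found in `data`, else None."""
    for name, sig in db.items():
        if find_signature(data, parse_signature(sig)) != -1:
            return name
    return None


def materialize(sig: str, filler: int = 0x90) -> bytes:
    """Build a concrete byte string from a signature by filling wildcard positions with `filler`.
    Used only to construct sample input; a real sample carries whatever bytes the virus has there."""
    return bytes(filler if b is None else b for b in parse_signature(sig))


# Constructed samples: 32 bytes of harmless padding, the (mutated) code fragment, then zeros.
PADDING = bytes(range(0x40, 0x60))
INFECTED_SAMPLE = PADDING + materialize(SIGNATURE_DB["FireFly"], 0x12) + b"\x00" * 8
MUTATED_SAMPLE = PADDING + materialize(MUTATED_FIREFLY, 0x12) + b"\x00" * 8

if __name__ == "__main__":
    print("infected sample:", scan(INFECTED_SAMPLE))  # FireFly (match at offset 32)
    print("mutated sample: ", scan(MUTATED_SAMPLE))   # None: three changed bytes break the match
```

The wildcards let one signature tolerate the bytes a virus legitimately varies (addresses, immediates), but any change outside the wildcard positions breaks the match, which is exactly the weakness of specific detection that the following slides motivate heuristic scanning with.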
  • 11. HEURISTIC SCANNING CONCEPTION Q: How to recognize a virus without any knowledge about its internal structure? A: By examining its behavior and characteristics.
  • 13. Heuristic scanning in its basic form is an implementation of three metaheuristics: Pattern matching, Automatic learning, Environment emulation. Of course, modern solutions provide more functionality, but the principle stays the same.
  • 14. The basic idea of heuristic scanning is to examine assembly language instruction sequences (step by step). If there are sequences behaving suspiciously, the program can be qualified as a virus.
  • 15. RECOGNIZING POTENTIAL THREAT A single suspicion is never a reason to trigger the alarm. But if the same program also tries to stay resident and contains a routine to search for executables, it is highly probable that it is a real virus.
  • 16. HEURISTIC SCANNING AS ARTIFICIAL NEURON Figure: Single-layer classifier with threshold
  • 17. MALWARE EVOLVES Viruses started to use various stealth techniques. This allowed them to be invisible to a traditional scanner. Moreover, most of them started using real-time encryption.
  • 18. Pattern matching is not enough Why not create an artificial runtime environment and let the virus do its job? This approach was implemented in environment emulation engines, which became a standard AV software weapon.
  • 19. VIRTUAL REALITY The anti-virus program provides a virtual machine with an independent operating system and allows the virus to perform its routines. Behavior and characteristics are continuously examined, while the virus is not aware that it is working on a fake system. This leads it to run its decryption routines and reveal its true nature. Stealth techniques are also useless, because the whole VM is monitored by the AV software.
  • 20. FALSE POSITIVES & AUTOMATIC LEARNING HS will sometimes blame innocent programs for being potential threats. Such behavior is called a false positive. We must be aware that the program is right when raising the alarm, because the scanned application does possess suspicious sequences; we can't blame the scanner for failure.
  • 21. Q: So what can be done to avoid false positives? A: Automatic learning!
  • 22. AVOIDING FALSE POSITIVES & IMPROVING ACCURACY Assume that the machine is not infected. Combine scanning techniques. Definition of (combinations of) suspicious abilities. Recognition of common program codes. Recognition of specific programs.
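The threshold classifier of slides 15 and 16 and the automatic learning of slides 20 to 22, as one added Python example (not code from the presentation or from any anti-virus product). Each suspicious ability is a binary input, each carries a weight in suspicion points, and the alarm fires only when the weighted sum reaches the threshold, so no single ability can trigger it. The feature names, weights, threshold and the labelled sample programs are all assumptions made for this example. The slides do not say what form "automatic learning" takes; here it is the perceptron learning rule, chosen as one concrete way to lower the weights that caused a false positive (a linker that searches for and writes executables) while keeping the virus samples above the threshold.

```python
from typing import Dict, List, Tuple

# Suspicious abilities a heuristic scanner might flag (illustrative names, assumed for this example).
FEATURES = [
    "stays_resident",
    "searches_executables",
    "writes_executable",
    "self_decrypt_loop",
    "hooks_interrupts",
]

# Hand-assigned starting weights in "suspicion points" and the alarm threshold (assumed values).
INITIAL_WEIGHTS: Dict[str, int] = {
    "stays_resident": 5,
    "searches_executables": 5,
    "writes_executable": 5,
    "self_decrypt_loop": 6,
    "hooks_interrupts": 4,
}
THRESHOLD = 10

Flags = Dict[str, bool]


def score(flags: Flags, weights: Dict[str, int]) -> int:
    """Weighted sum of the abilities present: the activation of the single artificial neuron."""
    return sum(weights[f] for f in FEATURES if flags.get(f, False))


def classify(flags: Flags, weights: Dict[str, int], threshold: int = THRESHOLD) -> bool:
    """Single-layer classifier with threshold: True means 'raise the alarm'."""
    return score(flags, weights) >= threshold


def train(samples: List[Tuple[Flags, bool]], weights: Dict[str, int],
          threshold: int = THRESHOLD, lr: int = 1, max_epochs: int = 20) -> Tuple[Dict[str, int], int]:
    """Perceptron rule over labelled samples (flags, is_malware): after every wrong decision,
    add `lr` to the weights of the abilities present if the sample was malware, subtract it if
    the sample was clean. Returns the new weights and the number of epochs used."""
    w = dict(weights)  # the original weights are left untouched
    for epoch in range(1, max_epochs + 1):
        errors = 0
        for flags, is_malware in samples:
            if classify(flags, w, threshold) != is_malware:
                errors += 1
                delta = lr if is_malware else -lr
                for f in FEATURES:
                    if flags.get(f, False):
                        w[f] += delta
        if errors == 0:
            return w, epoch
    return w, max_epochs


def flags(*present: str) -> Flags:
    """Build a feature vector from the names of the abilities observed."""
    return {f: f in present for f in FEATURES}


# Constructed, labelled samples (an assumption of the example, not real scan results).
FILE_VIRUS = flags("stays_resident", "searches_executables", "writes_executable")
POLY_VIRUS = flags("self_decrypt_loop", "writes_executable", "hooks_interrupts")
LINKER = flags("searches_executables", "writes_executable")       # benign, but looks like an infector
TSR_UTILITY = flags("stays_resident", "hooks_interrupts")         # benign resident tool
PACKED_APP = flags("self_decrypt_loop")                           # benign, runtime-packed

TRAINING_SET: List[Tuple[Flags, bool]] = [
    (FILE_VIRUS, True), (POLY_VIRUS, True),
    (LINKER, False), (TSR_UTILITY, False), (PACKED_APP, False),
]

TRAINED_WEIGHTS, EPOCHS = train(TRAINING_SET, INITIAL_WEIGHTS)

if __name__ == "__main__":
    print("linker before learning:", classify(LINKER, INITIAL_WEIGHTS))   # True: false positive
    print("linker after learning: ", classify(LINKER, TRAINED_WEIGHTS))   # False
    print("file virus after:      ", classify(FILE_VIRUS, TRAINED_WEIGHTS))  # still True
    print("epochs:", EPOCHS, "weights:", TRAINED_WEIGHTS)
```

With the starting weights the linker scores exactly the threshold and is flagged; one corrective pass lowers the two weights it shares with the file infector by a point each, after which the linker scores 8, the file infector 13 and the polymorphic sample 14, so only the clean program changes side. This is the slide's "definition of combinations of suspicious abilities" made adjustable: the combination, not any single ability, decides.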
  • 23. WHAT CAN BE EXPECTED FROM IT IN THE FUTURE? The Development Continues Most anti-virus developers still do not supply a ready-to-use heuristic analyzer. Those who already have heuristics available are still improving them.
  • 24. SUMMARY Basically, HS is inherited from a combination of the pattern matching, automatic learning and environment emulation metaheuristics. As a heuristic method it is not 100% effective. So why do we apply HS? Pros: Can detect 'future' threats. User is less dependent on product updates. Improves conventional scanning results. Cons: False positives. Making a decision after an alarm requires knowledge.
  • 25. REFERENCES Data Mining Methods for Detection of New Malicious Executables - Matthew G. Schultz. Heuristic Scanners: Artificial Intelligence? - Righard Zwienenberg. Heuristic Anti-Virus Technology - Frans Veldman.
  • 26. Why?... Questions? What if?...