Watching Virus Behavior Far Better Than Signatures

davecb (6526) writes | more than 7 years ago


davecb (6526) writes "A prototype anti-virus system developed at the University of Michigan uses the "fingerprint" of virus activity to more effectively identify viruses. The system obtains such fingerprints by intentionally infecting a quarantined computer with viruses. Conventional anti-virus software monitors systems for suspicious activity and then tries to determine the source by checking for virus signatures, which makes it difficult to spot new pieces of malware and track different variations.

The University of Michigan team studied the files and processes malware created and modified on an infected computer, and developed software that uses the information gathered to identify malware. The prototype is capable of defining clusters of malware that operate in similar ways, and can create a kind of family tree that illustrates how superficially different programs have similar methods of operation. In tests on the same software, the prototype was able to identify at least 10 percent more of the sample than five leading anti-virus programs. The prototype also always correctly connected different pieces of malware that operate similarly, while the best anti-virus program was only able to identify 68 percent of such links. (Courtesy of ACM Technews)"
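An added illustration, not part of the submission and not the University of Michigan prototype's code: one simple way to group samples by the files and processes they create or modify, and to record the merge order as a family tree. Jaccard similarity, single-linkage clustering, the 0.5 threshold, and all sample names and profiles are assumptions constructed for this example; the summary does not name the algorithm used.

```python
from itertools import combinations

# Constructed behaviour profiles (not real malware data): the files and
# processes each sample created or modified on a quarantined machine.
PROFILES = {
    "worm_v1": {"file:autorun.inf", "file:system32/msupd.exe", "proc:msupd.exe"},
    # Repacked variant: a byte signature would differ, the behaviour barely does.
    "worm_v2": {"file:autorun.inf", "file:system32/msupd.exe", "proc:msupd.exe",
                "file:temp/a.tmp"},
    "bot_x": {"file:appdata/irc.cfg", "file:appdata/ircbot.exe", "proc:ircbot.exe"},
    "bot_y": {"file:appdata/irc.cfg", "file:appdata/ircbot.exe", "proc:ircbot.exe",
              "proc:cmd.exe"},
    "tool_z": {"file:temp/log.txt", "proc:notepad.exe"},
}

def jaccard(a, b):
    """Share of behaviours two samples have in common (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0

def link(c1, c2, profiles):
    """Single linkage: similarity of the closest pair across two clusters."""
    return max(jaccard(profiles[x], profiles[y]) for x in c1 for y in c2)

def cluster(profiles, threshold=0.5):
    """Merge the most similar clusters until none reach the threshold.

    Returns (clusters, merges); merges, in order, form the family tree.
    """
    clusters = [frozenset([name]) for name in sorted(profiles)]
    merges = []
    while len(clusters) > 1:
        c1, c2 = max(combinations(clusters, 2),
                     key=lambda pair: link(pair[0], pair[1], profiles))
        score = link(c1, c2, profiles)
        if score < threshold:
            break  # remaining groups behave too differently to be related
        clusters = [c for c in clusters if c not in (c1, c2)] + [c1 | c2]
        merges.append((sorted(c1), sorted(c2), round(score, 2)))
    return sorted(sorted(c) for c in clusters), merges

if __name__ == "__main__":
    families, tree = cluster(PROFILES)
    for left, right, score in tree:
        print(f"merged {left} + {right} at similarity {score}")
    print("families:", families)
```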
