Heuristic scanning and sandbox approach in malware detection
Conference object (Published version)
A heuristic approach to malware detection is similar to the anomaly detection method applied in intrusion detection systems (IDS). It speeds up the process of finding a sufficiently good solution in situations where detailed analysis is impractical or very time-consuming, for example by using general rules, informed speculation, intuition and common sense. Instead of looking for exact matches (as in static signature-based detection), heuristic intrusion detection looks for behaviour that is out of the ordinary with regard to a baseline of normal network traffic and activity. Heuristic scanning uses rules and/or algorithms to look for commands that may indicate malicious intent, without needing a signature. Static signature analysis will fail to catch new types of attacks but usually produces fewer false positives; heuristics may catch more new malware, but this usually comes with a higher false positive rate. Because of that, most modern and efficient... IDS software uses signature-based and heuristic methods in combination, with the goal of increasing the chance of detecting and removing malware. Alongside the heuristic and signature-based methods, the sandboxing approach is also used to detect network anomalies. Sandboxing is a software management technique that isolates the examined application from critical system resources and other programs; without it, an application may have unrestricted access to all system resources and user data on the computer. Like heuristics, this method has its own benefits and limitations. The general conclusion is that the best network security is achieved by using several methods simultaneously, that is, by multi-scanning (scanning with multiple anti-malware engines).
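The trade-off the abstract describes (signatures are precise but miss new variants; heuristic rules catch variants but also flag benign software; several engines together do better than one) can be made concrete with a small scanner. The code below is an added example written for this record, not code from the paper or its authors. Every signature, rule weight, threshold, engine and sample input in it is constructed for illustration and is not a real malware indicator; the two "engines" are hypothetical and differ only in which signature set they know.

```python
"""Toy signature + heuristic scanner illustrating the detection trade-off.
All signatures, rules, weights, thresholds and samples are constructed."""
import math
import re
from typing import Callable

# Constructed "known sample" signatures (hypothetical): name -> byte pattern.
SIGNATURES: dict[str, bytes] = {
    "Example.Dropper.V1": b"EXAMPLE_DROPPER_MARKER_V1",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted bodies approach 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


# Heuristic rules: (name, weight, predicate). Each looks for a trait that
# *may* indicate malicious intent; none is conclusive on its own.
HEURISTIC_RULES: list[tuple[str, int, Callable[[bytes], bool]]] = [
    ("spawns_shell", 3, lambda d: b"cmd.exe /c" in d or b"/bin/sh -c" in d),
    ("persistence_run_key", 2, lambda d: b"CurrentVersion\\Run" in d),
    ("downloads_executable", 2, lambda d: re.search(rb"https?://\S+\.exe", d) is not None),
    ("high_entropy_body", 2, lambda d: shannon_entropy(d) > 7.0),
]
SUSPICION_THRESHOLD = 5  # constructed; tuning it trades misses for false positives


def signature_scan(data: bytes) -> list[str]:
    """Static matching: exact pattern hits only, so unseen variants slip past."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def heuristic_scan(data: bytes) -> tuple[int, list[str]]:
    """Rule-based scoring: summed weight plus the names of the rules that fired."""
    hits = [name for name, _w, pred in HEURISTIC_RULES if pred(data)]
    score = sum(w for name, w, _p in HEURISTIC_RULES if name in hits)
    return score, hits


def engine_verdict(data: bytes) -> dict:
    """One engine: a signature hit is conclusive ('malicious'); otherwise a
    heuristic score at or above the threshold is 'suspicious', else 'clean'."""
    sigs = signature_scan(data)
    score, hits = heuristic_scan(data)
    if sigs:
        verdict = "malicious"
    elif score >= SUSPICION_THRESHOLD:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "signatures": sigs, "score": score, "hits": hits}


def engine_b_verdict(data: bytes) -> dict:
    """A second, hypothetical engine whose signature set already knows V2."""
    if b"EXAMPLE_DROPPER_MARKER_V2" in data:
        return {"verdict": "malicious", "signatures": ["Example.Dropper.V2"],
                "score": 0, "hits": []}
    return engine_verdict(data)


def multi_scan(data: bytes, engines: list[Callable[[bytes], dict]]) -> str:
    """Multi-scanning: the most severe verdict across the engines wins."""
    rank = {"clean": 0, "suspicious": 1, "malicious": 2}
    return max((e(data)["verdict"] for e in engines), key=rank.__getitem__)


# Constructed sample inputs (plain text standing in for file contents).
KNOWN_SAMPLE = b"MZ stub EXAMPLE_DROPPER_MARKER_V1 cmd.exe /c start"
NEW_VARIANT = (b"MZ stub EXAMPLE_DROPPER_MARKER_V2 cmd.exe /c start "
               b"Software\\Microsoft\\Windows\\CurrentVersion\\Run")
BENIGN_INSTALLER = (b"Setup runs cmd.exe /c regsvr32, writes "
                    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run "
                    b"and fetches https://vendor.example/update.exe")
BENIGN_NOTE = b"Meeting notes: budget review on Thursday."

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", NEW_VARIANT),
                          ("installer", BENIGN_INSTALLER), ("note", BENIGN_NOTE)]:
        print(label, engine_verdict(sample))
    print("multi-scan on variant:", multi_scan(NEW_VARIANT, [engine_verdict, engine_b_verdict]))
```

Running it shows each point in turn: the known sample is caught by its signature; the renamed variant evades the signature but scores 5 on the heuristic rules and is reported as suspicious; the benign installer, which legitimately runs a shell command, writes a Run key and downloads an update, scores 7 and is a heuristic false positive; and multi-scanning with a second engine that already carries the V2 signature turns the variant's "suspicious" into a conclusive "malicious".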
Keywords: heuristics / scanning / malware / signature / sandboxing / detection
Source: Thematic conference proceedings of international significance, Vol. 2, International scientific conference "Archibald Reiss Days", Belgrade, 6-7 November 2019. Belgrade: University of Criminal Investigation and Police Studies, 2019, pp. 299-308