Basic document metadata view

dc.creator: Čisar, Petar
dc.creator: Joksimović, Dušan
dc.date.accessioned: 2022-05-27T11:27:51Z
dc.date.available: 2022-05-27T11:27:51Z
dc.date.issued: 2019
dc.identifier.isbn: 978-86-7020-434-8
dc.identifier.isbn: 978-86-7020-190-3 (for the publication set)
dc.identifier.uri: http://jakov.kpu.edu.rs/handle/123456789/1360
dc.description.abstract: A heuristic approach in malware detection is similar to the method of detecting anomalies applied to the intrusion detection system (IDS). It speeds up the process of finding a sufficiently good solution in situations where the implementation of detailed research is not practical or is very time-consuming - for example, using various general rules, informed speculation, intuition and common sense. Instead of looking for matches (like in static signature-based detection), heuristic intrusion detection looks for behavior that is out of the ordinary, with regard to a baseline of the normal network traffic and activity. Heuristic scanning uses rules and/or algorithms to look for commands which may indicate malicious intent without needing a signature. Analysis of static signatures will fail to catch new types of attacks but usually has fewer false positives. Heuristics might catch more new malware but this usually comes with a higher false positive rate. Because of that, most modern and efficient IDS software uses both signature and heuristic-based methods in combination, with the goal of increasing the chance to detect and remove malware. In parallel with the heuristic and signature-based method, the sandboxing approach is also used in detection of network anomalies. This is a software management technique that isolates examined applications from critical system resources and other programs. Without sandboxing, an application may have unrestricted access to all system resources and user data on a computer. Similar to heuristics, this method also has its benefits and limitations. The general conclusion is that the best network security can be achieved by utilizing more methods simultaneously - by multi-scanning (scanning with multiple anti-malware engines). [sr]
dc.language.iso: en [sr]
dc.publisher: Belgrade : University of Criminal Investigation and Police Studies [sr]
dc.rights: openAccess [sr]
dc.rights.uri: https://creativecommons.org/licenses/by/4.0/
dc.source: Thematic conference proceedings of international significance. Vol. 2 / International scientific conference "Archibald Reiss Days", Belgrade, 6-7 November 2019. [sr]
dc.subject: heuristics [sr]
dc.subject: scanning [sr]
dc.subject: malware [sr]
dc.subject: signature [sr]
dc.subject: sandboxing [sr]
dc.subject: detection [sr]
dc.title: Heuristic scanning and sandbox approach in malware detection [sr]
dc.type: conferenceObject [sr]
dc.rights.license: BY [sr]
dc.citation.spage: 299
dc.citation.epage: 308
dc.identifier.rcub: https://hdl.handle.net/21.15107/rcub_jakov_1360
dc.identifier.fulltext: http://jakov.kpu.edu.rs/bitstream/id/5869/bitstream_5869.pdf
dc.type.version: publishedVersion [sr]


Documents

This document appears in the following collections