International Journal of Physical Sciences

  • Abbreviation: Int. J. Phys. Sci.
  • Language: English
  • ISSN: 1992-1950
  • DOI: 10.5897/IJPS
  • Start Year: 2006
  • Published Articles: 2572

Review

A biological model to improve PE malware detection: Review

Saman Mirza Abdulalla¹*, Laiha Mat Kiah¹ and Omar Zakaria²
¹ Department of Computer System and Technology, Faculty of Computer Science and IT, University of Malaya, 50603 Kuala Lumpur, Malaysia.
² Department of Computer Science, Faculty of Defence Science and Technology, National Defence University of Malaysia, 57000 Kuala Lumpur, Malaysia.

  •  Accepted: 29 October 2010
  •  Published: 18 November 2010

Abstract

Malware controls computer systems by infecting system files. It takes advantage of system compatibilities to ensure its survival from one version to another. The structure of Windows portable executable (PE) files across the available versions of the Windows operating system (OS) makes these files an easy target for malware. Fields and code of clean PE files are modified and changed after infection. Checking both changes and modifications is necessary to detect malware with a minimum false alarm rate. This paper reviews models proposed to detect PE malware. It discusses the PE structure and identifies the fields and locations that are vulnerable to malware. It also explains the use of the human immune system and co-stimulation signals as a way to build a biological model for improving the ability of PE malware detection systems.
 
Key words: Malware detection, false alarm, PE files, immunity system, co-stimulation signals.