Mori Akira, Sawada Toshimi, Izumida Tomonori, Inoue Tadashi
Journal of the National Institute of Information and Communications Technology Vol.52 Nos.1/2 2005, pp.75-88
2005
We give an overview of a tool that detects computer viruses without relying on "pattern files" containing "signatures" of previously captured viruses. The system combines static code analysis with code simulation to identify malicious behaviors commonly found in computer viruses, such as mass mailing, file infection, and registry overwrite. These prohibited behaviors are defined separately, as security policies expressed at the level of API library function calls in a state-transition-like language. The current tool targets Win32 binary viruses on the Intel IA32 architecture, and experiments show that it can detect most of the email viruses that have spread in the wild in recent years.
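The abstract describes policies as state machines over API library calls rather than byte signatures. The following is an added illustration, not code from the paper or its tool: a minimal policy matcher that consumes a trace of API calls (assumed here to come from some code simulator) and reports which prohibited behaviour each policy observed. The API names are real Win32 functions, but the policies, their states and transitions, and both traces are constructed for this example; in particular, treating a write under the `CurrentVersion\Run` key as "registry overwrite" is an assumption about what such a policy would check.

```python
"""Added example: state-transition policies over an API call trace.

Not the paper's implementation. Everything below (policies, predicates,
traces) is constructed to illustrate behaviour-based detection.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Call:
    """One API library call as a (hypothetical) simulator would record it."""
    api: str
    args: Dict[str, object] = field(default_factory=dict)


Predicate = Callable[[Call], bool]


@dataclass
class Policy:
    """A prohibited behaviour as a small state machine.

    `transitions` maps a state to an ordered list of (predicate, next_state).
    Reaching `accept` means the whole behaviour has been observed.
    """
    name: str
    transitions: Dict[str, List[Tuple[Predicate, str]]]
    start: str = "S0"
    accept: str = "BAD"


def run_policy(policy: Policy, trace: List[Call]) -> Optional[int]:
    """Return the trace index at which the policy is violated, else None."""
    state = policy.start
    for i, call in enumerate(trace):
        for pred, nxt in policy.transitions.get(state, []):
            if pred(call):
                state = nxt
                break  # first matching transition wins
        if state == policy.accept:
            return i
    return None


def check_trace(policies: List[Policy], trace: List[Call]) -> Dict[str, int]:
    """Run every policy over the trace; map violated policy name -> index."""
    hits = {}
    for p in policies:
        idx = run_policy(p, trace)
        if idx is not None:
            hits[p.name] = idx
    return hits


# Predicate helpers (constructed for this example).
def api(name: str) -> Predicate:
    return lambda c: c.api == name


def api_with(name: str, **kw) -> Predicate:
    return lambda c: c.api == name and all(c.args.get(k) == v for k, v in kw.items())


def opens_run_key(c: Call) -> bool:
    return c.api == "RegOpenKeyEx" and "CurrentVersion\\Run" in str(c.args.get("subkey", ""))


def opens_exe_for_write(c: Call) -> bool:
    return (c.api == "CreateFile"
            and str(c.args.get("path", "")).lower().endswith(".exe")
            and c.args.get("access") == "GENERIC_WRITE")


# Three constructed policies matching the behaviours named in the abstract.
REGISTRY_OVERWRITE = Policy("registry_overwrite", {
    "S0": [(opens_run_key, "S1")],
    "S1": [(api("RegSetValueEx"), "BAD")],
})
FILE_INFECTION = Policy("file_infection", {
    "S0": [(api_with("FindFirstFile", pattern="*.exe"), "S1")],
    "S1": [(opens_exe_for_write, "S2")],
    "S2": [(api("WriteFile"), "BAD")],
})
MASS_MAILING = Policy("mass_mailing", {
    "S0": [(api_with("FindFirstFile", pattern="*.wab"), "S1")],  # address book read
    "S1": [(api_with("connect", port=25), "S2")],               # SMTP connection
    "S2": [(api("send"), "BAD")],
})
POLICIES = [REGISTRY_OVERWRITE, FILE_INFECTION, MASS_MAILING]

# Constructed traces: one exhibiting all three behaviours, one benign.
SUSPICIOUS_TRACE = [
    Call("RegOpenKeyEx", {"subkey": "Software\\Microsoft\\Windows\\CurrentVersion\\Run"}),
    Call("RegSetValueEx", {"value": "updater"}),
    Call("FindFirstFile", {"pattern": "*.exe"}),
    Call("CreateFile", {"path": "C:\\Tools\\editor.exe", "access": "GENERIC_WRITE"}),
    Call("WriteFile", {"n": 4096}),
    Call("FindFirstFile", {"pattern": "*.wab"}),
    Call("connect", {"host": "mail.example.invalid", "port": 25}),
    Call("send", {"n": 512}),
]
BENIGN_TRACE = [
    Call("RegOpenKeyEx", {"subkey": "Software\\ExampleApp\\Settings"}),
    Call("RegSetValueEx", {"value": "theme"}),
    Call("CreateFile", {"path": "C:\\Users\\a\\notes.txt", "access": "GENERIC_WRITE"}),
    Call("WriteFile", {"n": 10}),
    Call("connect", {"host": "www.example.invalid", "port": 443}),
]

if __name__ == "__main__":
    print("suspicious:", check_trace(POLICIES, SUSPICIOUS_TRACE))
    print("benign:", check_trace(POLICIES, BENIGN_TRACE))
```

Because each policy only cares about the order of a few calls and their arguments, the benign trace stays in the start state of every machine even though it also writes the registry, writes a file and opens a network connection; what separates it from the suspicious trace is the sequence, which is the point of expressing policies as state transitions rather than as byte patterns.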