By: Don Penven
Only the foolhardy run a computer without some form of anti-virus protection these days.
But even if you run the latest, greatest and most expensive anti-virus software, it has a major weak point: scanning for known viruses can only recognise a sample after the vendor has seen it and shipped a signature for it. If a new virus crawls out of the evil-doers' den before your provider is aware of it, your computer can be infected all the same. Such zero-day infections are common.
But all isn't lost. Recent antivirus products include built-in defenses against viruses and malware even when they are fresh off the attacker's keyboard. These heuristic defenses do not look for a known signature; they respond to unusual activity that resembles the way viruses behave once they have infected a system.
According to a paper in a forthcoming issue of the International Journal of Electronic Security and Digital Forensics, this so-called heuristic approach, combined with regularly updated antivirus software, will usually protect you against known viruses and even those dreaded zero-day viruses. In practice, however, some attacks will inevitably continue to slip through the safety net.
Researchers at the Australian National University, in Acton, ACT, and the Northern Melbourne Institute of TAFE jointly with Victorian Institute of Technology, in Melbourne Victoria, have devised an approach to virus detection that acts as a third layer on top of scanning for known viruses and heuristic scanning.
This new approach employs a data mining algorithm to identify malicious code on a system. The anomaly detection is based mainly on the rate at which a program calls various operating system functions: code whose pattern of system calls departs from that of legitimate software is flagged, whether or not its signature is known. The researchers' initial tests show an almost 100% detection rate and a false positive rate of just 2.5% for spotting embedded malicious code that is in "stealth mode", that is, present on the system but not yet activated for its particular malicious purpose.
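To make the idea of "rate at which operating system functions are called" concrete, here is an added example of an API-call-rate anomaly detector. It is my illustration, not the researchers' code or the paper's algorithm: the Windows API names, the benign and malicious traces, the per-API "mean plus two standard deviations" envelope, and the STD_FLOOR and THRESHOLD values are all constructed assumptions. It builds a profile from benign traces, scores a new trace by the fraction of its calls that exceed the benign envelope, and reports detection rate and false positive rate on a labelled test set.

```python
"""Toy API-call-rate anomaly detector (illustration only, not the ANU/NMIT method)."""
from collections import Counter
from statistics import mean, pstdev

STD_FLOOR = 0.05   # assumed: minimum spread so a constant benign rate is not a hard wall
THRESHOLD = 0.15   # assumed: flag a trace when >= 15% of its calls exceed the benign envelope

# Constructed traces: the sequence of Windows API calls a monitor might log for one program.
BENIGN_TRAIN = [
    ["GetModuleHandleW", "LoadLibraryW", "CreateFileW", "ReadFile", "ReadFile",
     "CloseHandle", "RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey", "MessageBoxW"],
    ["GetModuleHandleW", "LoadLibraryW", "LoadLibraryW", "CreateFileW", "ReadFile",
     "WriteFile", "CloseHandle", "RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"],
    ["GetModuleHandleW", "CreateFileW", "ReadFile", "ReadFile", "ReadFile",
     "CloseHandle", "CreateFileW", "WriteFile", "CloseHandle", "MessageBoxW"],
    ["LoadLibraryW", "GetModuleHandleW", "RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey",
     "CreateFileW", "ReadFile", "CloseHandle", "MessageBoxW", "MessageBoxW"],
    ["GetModuleHandleW", "LoadLibraryW", "CreateFileW", "WriteFile", "WriteFile",
     "CloseHandle", "RegOpenKeyExW", "RegSetValueExW", "RegCloseKey", "MessageBoxW"],
]

BENIGN_TEST = [
    ["GetModuleHandleW", "LoadLibraryW", "CreateFileW", "ReadFile", "ReadFile",
     "WriteFile", "CloseHandle", "RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"],
    ["GetModuleHandleW", "CreateFileW", "ReadFile", "CloseHandle", "CreateFileW",
     "ReadFile", "CloseHandle", "MessageBoxW", "MessageBoxW", "LoadLibraryW"],
    ["GetModuleHandleW", "LoadLibraryW", "LoadLibraryW", "CreateFileW", "ReadFile",
     "CloseHandle", "RegOpenKeyExW", "RegQueryValueExW", "RegSetValueExW", "RegCloseKey"],
    # backup utility: file-heavy but still close to the benign profile
    ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"] * 2 + ["CreateFileW", "ReadFile"],
]

MALICIOUS_TEST = [
    # process injector: APIs never seen in benign training
    ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle",
     "LoadLibraryW", "GetModuleHandleW", "OpenProcess", "VirtualAllocEx", "WriteProcessMemory"],
    # file-wiper loop: only everyday APIs, but at rates benign software does not show
    ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"] * 2
    + ["CreateFileW", "WriteFile", "CloseHandle"] * 4,
    # beacon plus Run-key persistence
    ["GetModuleHandleW", "LoadLibraryW", "RegOpenKeyExW", "RegSetValueExW", "RegCloseKey",
     "InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA", "InternetReadFile"],
    # dormant sample: looks benign apart from a single OpenProcess
    ["GetModuleHandleW", "LoadLibraryW", "CreateFileW", "ReadFile", "CloseHandle",
     "RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey", "OpenProcess", "MessageBoxW"],
]


def call_rates(trace):
    """Fraction of the trace spent in each API: the 'rate' feature vector."""
    counts = Counter(trace)
    total = len(trace)
    return {api: n / total for api, n in counts.items()}


def build_profile(traces):
    """Per-API upper bound (mean + 2*std, std floored) of call rates seen in benign software."""
    vocab = {api for trace in traces for api in trace}
    rates = [call_rates(trace) for trace in traces]
    profile = {}
    for api in vocab:
        samples = [r.get(api, 0.0) for r in rates]
        profile[api] = mean(samples) + 2 * max(pstdev(samples), STD_FLOOR)
    return profile


def anomaly_score(trace, profile):
    """Fraction of calls exceeding the benign envelope; APIs absent from the profile count in full."""
    return sum(max(0.0, rate - profile.get(api, 0.0))
               for api, rate in call_rates(trace).items())


def is_malicious(trace, profile, threshold=THRESHOLD):
    return anomaly_score(trace, profile) >= threshold


def evaluate(profile, benign, malicious, threshold=THRESHOLD):
    """Return (detection_rate, false_positive_rate) on labelled test traces."""
    tp = sum(is_malicious(t, profile, threshold) for t in malicious)
    fp = sum(is_malicious(t, profile, threshold) for t in benign)
    return tp / len(malicious), fp / len(benign)


PROFILE = build_profile(BENIGN_TRAIN)

if __name__ == "__main__":
    for threshold in (THRESHOLD, 0.05):
        det, fpr = evaluate(PROFILE, BENIGN_TEST, MALICIOUS_TEST, threshold)
        print(f"threshold={threshold:.2f}  detection={det:.2f}  false_positives={fpr:.2f}")
```

Two things worth noticing. The wiper-style trace uses only APIs that benign programs also call, and is still flagged because its call rates fall outside the benign envelope; that is the feature the paragraph describes. The dormant sample, on the other hand, scores below the default threshold because almost all of its calls look benign, and lowering the threshold far enough to catch it also flags the backup utility. Detection rate and false positive rate are traded against each other through that threshold, which in practice would be tuned on a held-out validation set rather than chosen by hand as here.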
"Securing computer systems against new diverse malware is becoming harder since it requires a continuing improvement in the detection engines," the team of Mamoun Alazab (ANU) and Sitalakshmi Venkatraman (NMIT) explain. "What is most important is to expand the knowledge base for security research through anomaly detection by applying innovative pattern recognition techniques with appropriate machine learning algorithms to detect unknown malicious behavior."
The moral of this tale is still to keep your anti-virus software up to date and to run scans often: the behavioral and anomaly-based layers supplement signature scanning rather than replace it.