Journal & Conference Proceeding Publications

ID Code : CSC 0026
Title : Automated Blocking of Malicious Code with NDIS Intermediate Driver
Author/s : Lee Ling Chuan
Chan Lee Yee
Mahamod Ismail
Kasmiran Jumari
Abstract : With the evolution of malware technology, modern malware often hide its malicious behaviour in various methods. One of the popular manners is to conceal the network communication. This concealment technique poses obstacles to security mechanisms, which detecting the malicious behaviours. In this paper, we give an overview of the automated blocking malicious code project, a new approach to computer security via malicious software analysis and automatic blocking software. In particular, this project focuses on building a unified executable program analysis platform and using it to provide novel solutions to a broad spectrum of different security problems. We propose a technique for the Network Driver Interface Specification (NDIS) integrate together with a unified malicious software analysis platform. The NDIS model supports hybrid network transport NDIS drivers, called NDIS intermediate drivers. This driver lies between transport driver and NDIS driver. The advantage of using NDIS intermediate drivers is, it can see the entire network traffic taking place on a system as the drivers lie between protocol drivers and network drivers. By intercepting security-related properties from network traffic directly, our project enables a principled, root cause based approach to computer security, offering novel and effective solutions.
Publication : 13th International Conference on Advanced Communication Technology
Year Published : 2011|700-704|IEEE Conference Proceeding
PDF / Official URL :