Real-time malware process detection and automated process killing

Abstract: Adversaries are increasingly motivated to spend energy trying to evade automatic malware detection tools. Dynamic analysis examines the behavioural trace of malware, which is difficult to obfuscate, but the time required for dynamic analysis means it is not typically used in practice for endpoint protection but rather as an analysis tool. This paper presents a run-time model to detect malicious processes and automatically kill them as they run on a real endpoint in use. This approach enables dynamic analysis t… Show more