Publication Portal for Research Results of STMIK IBBI Lecturers (managed by LPPM)
Publish No.:000003
Title:Application for Restricting Executable Activation with System Service Dispatch Table (SSDT) Hook
Institution:Teknik Informatika STMIK IBBI
Keyword:malware infection prevention
Abstract:Antivirus technology uses a pattern approach and a heuristic approach to detect the presence of malware and malware attacks. The pattern approach is one step behind the malware, because it is available only when malware samples can be obtained for pattern extraction, whereas the heuristic approach runs into problems with false alarms and tends to disturb the comfort of the user. Nowadays, malware authors tend to use attacks that exploit zero-day vulnerabilities that are not known to the user or the software creator. According to data from Symantec, the leading mechanisms for distributing malware in 2010 were file exchange using USB flash media, exploitation of the AutoRun facility, and the MS08-067 vulnerability. In this paper the authors offer an approach to malware infection prevention by limiting the launch of executable files from the folders %SystemRoot% and %ProgramFiles% using kernel-level SSDT API hooking.
Publisher:Jurnal Ilmiah Ilmu Komputer, FIK-UPH
Publish Date:01 Mar 12
Right:Jurnal Ilmiah Ilmu Komputer
Journal Title:Jurnal Ilmiah Ilmu Komputer, Vol. 8 No. 2 March 2012: 1-2