UGC Approved Journal no 63975(19)

ISSN: 2349-5162 | ESTD Year : 2014
Volume 12 | Issue 9 | September 2025


Published in:

Volume 6 Issue 3
March-2019
eISSN: 2349-5162

UGC and ISSN approved 7.95 impact factor UGC Approved Journal no 63975

7.95 impact factor calculated by Google scholar

Unique Identifier

Published Paper ID:
JETIR1903011


Registration ID:
199141

Page Number

72-80


Title

Survey of Malware Detection Using MVEE Model

Abstract

This paper develops a VM commitment system called Secom that automatically eradicates malicious state changes when joining the contents of an OS-level VM to the host. Secom consists of three steps: grouping state changes into clusters, distinguishing between benign and malicious clusters, and committing benign clusters. Secom has three novel features. First, instead of relying on a massive volume of log data, it leverages OS-level information flow and malware behavior information to recognize malicious changes. This approach imposes a smaller performance overhead. Second, unlike existing intrusion detection and recovery systems that detect compromised OS objects one by one, Secom classifies objects into clusters and then identifies malicious objects on a cluster-by-cluster basis. Third, to reduce the false-positive rate when identifying malicious clusters, it simultaneously considers two malware behaviors of different types and the origin of the processes that exhibit these behaviors, rather than considering a single behavior alone as existing malware detection methods do. Multi-variant execution is an intrusion detection mechanism that executes several slightly different versions, called variants, of the same program in lockstep. The variants are built to have identical behavior under normal execution conditions. However, when the variants are under attack, there are detectable differences in their execution behavior. At run time, a monitor compares the behavior of the variants at certain synchronization points and raises an alarm when a discrepancy is detected. The project presents a monitoring mechanism that does not need any kernel privileges to supervise the variants. Many sources of differences, including asynchronous signals and the scheduling of multi-threaded or multi-process applications, can cause the behavior of the variants to diverge. These divergences cause false alarms.
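The lockstep comparison and the signal-induced false alarm described in the abstract, as an added example that is not code from the paper. The traces are constructed rather than captured, and the names `lockstep_monitor` and `run_variant`, the sample program, and the choice of every system call as a synchronization point are assumptions.

```python
from itertools import zip_longest

def lockstep_monitor(variants):
    """Compare all variants at every synchronization point (here, each system call).

    variants: one list of (syscall, args) tuples per variant.
    Returns None when the variants agree to the end, otherwise
    (sync_point_index, calls_seen) for the first discrepancy.
    """
    for index, calls in enumerate(zip_longest(*variants)):
        # zip_longest pads with None, so a variant that stops early also differs.
        if len(set(calls)) != 1:
            return index, calls
    return None

def run_variant(program, handler=(), signal_at=None):
    """Return one variant's syscall trace. If signal_at is set, the signal
    handler's calls are interleaved before that position in the program."""
    if signal_at is None:
        return list(program)
    return list(program[:signal_at]) + list(handler) + list(program[signal_at:])

# Constructed sample data (hypothetical program and signal handler).
PROGRAM = [("open", ("/etc/app.conf", "r")), ("read", (3, 4096)),
           ("write", (1, "ok")), ("close", (3,))]
HANDLER = [("write", (2, "tick"))]

def demo():
    benign = lockstep_monitor([run_variant(PROGRAM), run_variant(PROGRAM)])
    # One variant deviates at the third call: a real discrepancy.
    tampered = PROGRAM[:2] + [("execve", ("/tmp/unexpected",))]
    attack = lockstep_monitor([run_variant(PROGRAM), tampered])
    # Same benign program, but the asynchronous signal lands at different points.
    false_alarm = lockstep_monitor([run_variant(PROGRAM, HANDLER, 1),
                                    run_variant(PROGRAM, HANDLER, 2)])
    # Signal delivered at the same point in both variants: no discrepancy.
    aligned = lockstep_monitor([run_variant(PROGRAM, HANDLER, 2),
                                run_variant(PROGRAM, HANDLER, 2)])
    return benign, attack, false_alarm, aligned

if __name__ == "__main__":
    labels = ("benign", "tampered variant", "signal skew", "signal aligned")
    for label, result in zip(labels, demo()):
        verdict = "no alarm" if result is None else f"ALARM at sync point {result[0]}"
        print(f"{label:17} -> {verdict}")
```

The "signal skew" case raises an alarm even though both variants ran the same benign program, which is the false-alarm source the abstract names.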

Key Words

VM, Cluster, Malware Detection, SECOM, MVEE

Cite This Article

"Survey of Malware Detection Using MVEE Model", International Journal of Emerging Technologies and Innovative Research (www.jetir.org), ISSN: 2349-5162, Vol. 6, Issue 3, page no. 72-80, March-2019, Available: http://www.jetir.org/papers/JETIR1903011.pdf


Publication Details

Published Paper ID: JETIR1903011
Registration ID: 199141
Published In: Volume 6 | Issue 3 | Year March-2019
DOI (Digital Object Identifier):
Page No: 72-80
Country: Erode, Tamil Nadu, India
Area: Science
ISSN Number: 2349-5162
Publisher: IJ Publication

