Authors
Kyle Denney, Cengiz Kaygusuz, Julian Zuluaga
Publication date
2018
Description
In modern computing, a program must use the operating system in order to run, and it does so through system calls. System calls are the means by which a program accesses resources on the system (e.g., input/output, memory). Malicious programs, or malware, must also use these system calls in order to function. Because of this, we can develop techniques that analyze the system calls a program makes in order to determine whether it is malicious or benign. In this paper, we survey the methodologies used to analyze system calls for malware detection. We first examine the methods to collect system calls on various operating systems. Then, we survey the techniques used to analyze system calls. After discussing these techniques, we briefly discuss methods by which malware can thwart system call tracing and how one can counter these attempts. We conclude this paper by discussing …
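As an added illustration of the abstract's core point (that a program's system call sequence can be collected and then analyzed to classify the program), the Python below parses constructed strace-style traces, builds a 3-gram profile from benign traces, and scores a suspect trace by the fraction of its 3-grams never seen in that profile. This is example code, not code from the paper or its authors: n-gram novelty is one common syscall-analysis technique and is assumed here for illustration (the survey does not single it out), and the trace text, the process names, and the 0.5 threshold are all constructed for the example.

```python
"""Syscall-trace analysis with n-gram novelty scoring.

Added example, not code from the paper or its authors. It assumes
strace-style trace text and uses n-gram novelty (one common way to
analyze syscall sequences) as the detector. All traces below are
constructed for the example, not captured from real programs.
"""
import re
from collections import Counter

# strace line: optional "[pid N]" prefix, optional timestamp, then "name(".
SYSCALL_RE = re.compile(
    r"^(?:\[pid\s+\d+\]\s+)?(?:\d+(?:\.\d+)?\s+)?([a-z_][a-z0-9_]*)\("
)


def parse_trace(text):
    """Return the ordered list of syscall names in an strace capture.

    Exit/signal markers ("+++ exited ... +++", "--- SIGCHLD ... ---") and
    "<... name resumed>" continuations are skipped; a resumed call was
    already counted on its "<unfinished ...>" line.
    """
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("+++", "---", "<...")):
            continue
        m = SYSCALL_RE.match(line)
        if m:
            names.append(m.group(1))
    return names


def ngrams(seq, n):
    """Sliding-window n-grams over a syscall name sequence."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


class NgramProfile:
    """Benign-behaviour profile: the multiset of syscall n-grams seen in training."""

    def __init__(self, n=3):
        self.n = n
        self.counts = Counter()

    def train(self, syscalls):
        self.counts.update(ngrams(syscalls, self.n))

    def novelty(self, syscalls):
        """Fraction of the trace's n-grams that never appeared in training."""
        grams = ngrams(syscalls, self.n)
        if not grams:
            return 0.0
        unseen = sum(1 for g in grams if g not in self.counts)
        return unseen / len(grams)

    def is_suspicious(self, syscalls, threshold=0.5):
        # Threshold is an assumption for the example; tune it on real data.
        return self.novelty(syscalls) >= threshold


# Constructed traces (not real captures); only the syscall names matter.
BENIGN_TRACES = [
    r"""execve("/usr/bin/cat", ["cat", "/etc/hosts"], 0x7ffd1c2a3e40) = 0
brk(NULL) = 0x5581d3a2c000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b2c1e5000
openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=220, ...}) = 0
read(3, "127.0.0.1 localhost\n", 131072) = 220
write(1, "127.0.0.1 localhost\n", 220) = 220
read(3, "", 131072) = 0
close(3) = 0
exit_group(0) = ?
+++ exited with 0 +++
""",
    r"""[pid  4242] execve("/usr/bin/cat", ["cat", "/etc/motd"], 0x7ffd1c2a3e40) = 0
[pid  4242] brk(NULL) = 0x5581d3a2c000
[pid  4242] mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b2c1e5000
[pid  4242] openat(AT_FDCWD, "/etc/motd", O_RDONLY) = 3
[pid  4242] fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
[pid  4242] read(3, "", 131072) = 0
[pid  4242] write(1, "", 0) = 0
[pid  4242] close(3) = 0
[pid  4242] exit_group(0) = ?
+++ exited with 0 +++
""",
]

# Held-out benign trace: one extra read, so a little novelty is expected.
HELDOUT_BENIGN_TRACE = r"""execve("/usr/bin/cat", ["cat", "/etc/os-release"], 0x7ffd1c2a3e40) = 0
brk(NULL) = 0x5581d3a2c000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b2c1e5000
openat(AT_FDCWD, "/etc/os-release", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=300, ...}) = 0
read(3, "NAME=\"Linux\"\n", 131072) = 300
read(3, "", 131072) = 0
write(1, "NAME=\"Linux\"\n", 300) = 300
close(3) = 0
exit_group(0) = ?
+++ exited with 0 +++
"""

# Suspect trace: RWX mapping, anti-tracing ptrace check, outbound connection, shell spawn.
SUSPECT_TRACE = r"""execve("/tmp/.x", ["/tmp/.x"], 0x7ffd9a0b1c20) = 0
brk(NULL) = 0x55a1c0d2e000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9e10a3b000
openat(AT_FDCWD, "/proc/self/maps", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(3, "55a1c0b00000-55a1c0b01000 r--p ", 4096) = 1200
mprotect(0x7f9e10a3b000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
ptrace(PTRACE_TRACEME, 0, NULL, NULL) = -1 EPERM (Operation not permitted)
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
write(4, "hello", 5) = 5
execve("/bin/sh", ["sh"], 0x7ffd9a0b1c20) = 0
exit_group(0) = ?
+++ exited with 0 +++
"""


def build_profile(n=3):
    """Train a benign profile from the constructed benign traces."""
    profile = NgramProfile(n)
    for text in BENIGN_TRACES:
        profile.train(parse_trace(text))
    return profile


def score_traces(profile):
    """Novelty score and verdict for each held-out trace."""
    results = {}
    for name, text in (("held-out benign", HELDOUT_BENIGN_TRACE),
                       ("suspect", SUSPECT_TRACE)):
        calls = parse_trace(text)
        results[name] = (profile.novelty(calls), profile.is_suspicious(calls))
    return results


if __name__ == "__main__":
    for name, (score, flagged) in score_traces(build_profile()).items():
        print(f"{name:16s} novelty={score:.3f} suspicious={flagged}")
```

On a real Linux host the input would come from something like `strace -f -o trace.txt ./sample`, and the benign profile would be trained on many runs rather than two. The constructed suspect trace also shows why the abstract's note about thwarting tracers matters for collection: its `ptrace(PTRACE_TRACEME)` call fails with EPERM precisely because strace is already attached, which a tracer-aware sample can use to detect analysis and change its behaviour.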
Total citations