Gatekeeper II: new approaches to generic virus prevention

Richard Ford, Florida Institute of Technology
Matt Wagner, Microsoft Corporation
Jason Michalske, Florida Institute of Technology

The need for reliable detection of rapidly spreading worms has never been higher; viruses like SQL/Slammer have proven that an epidemic can occur far faster than we can react using existing technology. Thus, there has been significant interest in developing fast and reliable techniques for detecting previously unseen malicious code.

In this paper, we extend the work carried out under the Gatekeeper project, a behavioural virus detection engine with undo capability. New techniques to provide for higher virus detection rates with lower false positive rates are described for the first time, and a demonstration of the new Gatekeeper tool is given, showing detection rates that are extremely high with low processor overhead and minimal false positives. Directed attacks against Gatekeeper are considered, and novel defences described.

