Viro-Scan: Experimental Study on Malware Detection
DOI:
https://doi.org/10.70849/IJSCI
Keywords:
Python, Antivirus, Malware Detection, Heuristic Analysis, YARA Rules, Signature-Based Detection, Cybersecurity, Real-Time Monitoring, Viro-Scan, Hybrid Detection.
Abstract
The rising number of malware attacks, including increasingly sophisticated malicious software, has greatly challenged conventional antivirus systems. Most commercial antivirus solutions derive their capabilities from extensive databases and proprietary algorithms, which results in high consumption of computer resources and makes them less appropriate for academic efforts. This study presents “Viro-Scan,” a minimal antivirus prototype written in Python to illustrate the capabilities of a hybrid malware detection model that combines signature-based, heuristic, and YARA rule techniques. The system scans, detects, and quarantines potentially harmful executable files while largely keeping resource consumption minimal. Viro-Scan also supports real-time monitoring and uses available Python libraries (hashlib, os, watchdog, and yara-python) for detection and automation. Experimental testing of the prototype provides evidence of its ability to accurately detect known and unknown threats with limited false-positive rates. The study also includes comparisons with common open-source antivirus tools, so that the practicality and scalability of Viro-Scan can be directly observed. The results show that a Python-based hybrid detection model can provide the necessary compromise between performance efficiency and detection reliability, which can be useful in any educational or research-based cybersecurity solution.
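The signature-then-heuristic-then-quarantine flow the abstract describes can be sketched with the standard library alone; this is an added example, not code from the Viro-Scan paper. The function names, the constructed signature set, the entropy threshold and the `.quarantined` suffix are assumptions, and the YARA and watchdog stages are left out so the block has no third-party dependencies.

```python
import hashlib
import math
import os
import shutil

# Constructed sample: harmless bytes standing in for a "known bad" file.
KNOWN_BAD_SAMPLE = b"MZ" + b"constructed-known-sample" * 8
SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}  # assumed signature DB

ENTROPY_THRESHOLD = 7.2  # assumption: near-random content suggests packing


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (constant) to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(path: str) -> str:
    """Return 'signature', 'heuristic' or 'clean' for one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    # Stage 1: exact match against known hashes (catches known samples only).
    if hashlib.sha256(data).hexdigest() in SIGNATURES:
        return "signature"
    # Stage 2: executable magic ("MZ") plus a high-entropy body.
    if data[:2] == b"MZ" and shannon_entropy(data[2:]) > ENTROPY_THRESHOLD:
        return "heuristic"
    return "clean"


def scan_and_quarantine(scan_dir: str, quarantine_dir: str) -> dict:
    """Scan regular files in scan_dir; move detections into quarantine_dir."""
    os.makedirs(quarantine_dir, exist_ok=True)
    results = {}
    for name in sorted(os.listdir(scan_dir)):
        path = os.path.join(scan_dir, name)
        if os.path.islink(path) or not os.path.isfile(path):
            continue  # skip symlinks and directories
        verdict = classify(path)
        results[name] = verdict
        if verdict != "clean":
            # Rename and drop write/execute bits so the file cannot be run.
            dest = os.path.join(quarantine_dir, name + ".quarantined")
            shutil.move(path, dest)
            os.chmod(dest, 0o400)
    return results
```

The low-entropy `MZ` case shows why the heuristic stage needs both conditions: a file that merely starts with the executable magic is not flagged, which keeps false positives down at the cost of missing unpacked unknown samples.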
License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.








