Talhahzafar (talk | contribs) Added a new section "Uses as a Defence Mechanism" and fixed some grammatical issues
→Features |
Talhahzafar (talk | contribs) Expanded the section Pin Tool used as a defense mechanism |
Line 36:
== Uses as a Defence Mechanism ==
Most scholars think that one can use Pin tool or binary instrumentation techniques to detect malwares in the future. Unlike traditional antiviruses where scanning files is used to detect
=== Utilizing System Resource Monitoring ===
Unlike traditional techniques of scanning files, this approach doesn’t need to be updated regularly and uses a more efficient way to detect malwares rather than burdening the processor by scanning all the files. This approach keeps track of the system’s resources used by a program and terminates the program if its resource usage goes beyond a given threshold limit. The good thing about this approach is that it can be implemented inside a program itself or in an antivirus.
=== Other Alternatives to Pin Tool ===
There are many other tools available to collect resource usage of running programs on the system such as [[Bell Lab]]’s strapon tool and [[Dyninst]] tool etc. [[Bell Lab]]’s tool uses the strap on technology which runs a tool to collect resources simultaneously with the program but this tool is only compatible with the programs which allow other programs to run simultaneously with them <ref>{{Cite journal|url = |title = Building secure products and solutions. Bell Labs Technical Journal|last = Gupta|first = Chandrashekhar|date = 2007|journal = |doi = 10.1002/bltj.20247|pmid = |access-date = }}</ref>. Furthermore, [[Dyninst]] tool uses [[binary rewriting]] of the program’s executable and implementable commands inside the program to check for resource usage and is very efficient. However, it is very unstable as it is a relatively new tool and crashes on large scale programs <ref>{{Cite journal|url = |title = Dynamic binary instrumentation and data aggregation on large scale systems|last = Lee|first = Schulz|date = 2007|journal = International Journal of Parallel Programming|doi = |pmid = |access-date = }}</ref>. Lastly, [[Intel]] Pin tool uses static binary instrumentation and runs the program as a part of itself while keeping track of all its resources<ref>{{Cite journal|title = Analyzing Parallel Programs with PIN|url = http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5427374|journal = Computer|date = March 2010|access-date = 2015-04-27|issn = 0018-9162|pages = 34-41|volume = 43|issue = 3|doi = 10.1109/MC.2010.60|first = M.|last = Bach|first2 = M.|last2 = Charney|first3 = R.|last3 = Cohn|first4 = E.|last4 = Demikhovsky|first5 = T.|last5 = Devor|first6 = K.|last6 = Hazelwood|first7 = A.|last7 = Jaleel|first8 = Chi-Keung|last8 = Luk|first9 = G.|last9 = Lyons}}</ref>. This approach is more suitable for an antivirus as it can easily run all the processes under itself and can kill programs if they reach a maximum allocated limit as defined by the antivirus.
== See also ==
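Review bot: The opening paragraph under "Uses as a Defence Mechanism" breaks off mid-sentence at "where scanning files is used to detect", and its first claim ("Most scholars think that ...") carries no citation; finish the sentence and attribute the claim to a source before this goes in. In "Other Alternatives to Pin Tool", the last two sentences describe Pin itself rather than an alternative, and they call it "static binary instrumentation" while also saying it "runs the program as a part of itself", which describes instrumentation at run time; check the wording against the cited Bach et al. article and consider moving those sentences to the preceding subsection. The first two {{Cite journal}} templates are incomplete: the Gupta reference has the journal name inside the title field with "journal = " left empty, and the Lee reference has empty url and doi fields. Smaller points: "[[Bell Lab]]" should probably link the same name the reference uses ("Bell Labs"), "malwares" should be "malware", and the claims that this approach "doesn't need to be updated regularly" and is "more efficient" than file scanning need a source or softer wording.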