Respuesta :
Integrity checking is a malware detection methods establishes a baseline of the system and will alert the user if any suspicious system changes occur.
Technique to detect malware
There are several techniques that are used by an antivirus to detect malware. Some of the malware detection techniques that are commonly used by antivirus are as follows:
1. Scanning
If there is a file that is suspected of being a virus, then this file is first analyzed by a malware analyst. This malware is studied for its behavior and characteristics, then a signature is made. The scanning process is a process of looking for whether a file has a malware signature. If there is a signature malware in the file, it means that the file has been infected with malware, if not, the file is clean. There are many algorithms used to perform scanning.
2. Static Heuristics
If a scanning technique is used to detect malware whose characteristics are known, then the Heuristic technique is generally used for malware whose characteristics are not yet known. This technique does not search for malware signatures, but will try to create a new signature. So this technique tries to duplicate the way a malware analyst recognizes malware from its source code.
3. Integrity checking
Malware that infects a file, will generally make modifications to the file. So if there is a change in a file without clear authorization, then this activity is suspected as the presence of malware. This technique generally uses a checksum, so the antivirus will check the file, then this checksum will be input into the database.
When the antivirus performs a scan, the latest checksum will be compared with the checksum in the database. If there is a change, the antivirus will give an alarm. This technique has the disadvantage of giving poor accuracy results.
Learn more about malware at https://brainly.com/question/22185332.
#SPJ4
