DocumentCode :
175421
Title :
Application of a Linear Time Method for Change Point Detection to the Classification of Software
Author :
Bolton, Alexander ; Heard, Nick
Author_Institution :
Dept. of Math., Imperial Coll. London, London, UK
fYear :
2014
fDate :
24-26 Sept. 2014
Firstpage :
292
Lastpage :
295
Abstract :
A computer program's dynamic instruction trace is the sequence of instructions it generates during run-time. This article presents a method for analysing dynamic instruction traces, with an application in malware detection. Instruction traces can be modelled as piecewise homogeneous Markov chains and an exact linear time method is used for detecting change points in the transition probability matrix. The change points divide the instruction trace into segments performing different functions. If segments performing malicious functions can be detected then the software can be classified as malicious. The change point detection method is applied to both a simulated dynamic instruction trace and the dynamic instruction trace generated by a piece of malware.
Keywords :
Markov processes; invasive software; matrix algebra; probability; change point detection method; computer program dynamic instruction trace analysis; exact linear time method; instruction sequence; instruction trace modelling; malicious functions; malware detection; piecewise homogeneous Markov chains; simulated dynamic instruction trace; software classification; transition probability matrix; Computational modeling; Computers; Educational institutions; Heuristic algorithms; Malware; Markov processes; Software; PELT algorithm; change point analysis; malware; piecewise homogeneous Markov chain;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
Conference_Location :
The Hague
Print_ISBN :
978-1-4799-6363-8
Type :
conf
DOI :
10.1109/JISIC.2014.58
Filename :
6975595