DocumentCode
3349064
Title
Malware analysis with graph kernels and support vector machines
Author
Wagner, Cynthia ; Wagener, Gerard ; State, Radu ; Engel, Thomas
Author_Institution
Secan-Lab., Univ. of Luxembourg, Luxembourg, Luxembourg
fYear
2009
fDate
13-14 Oct. 2009
Firstpage
63
Lastpage
68
Abstract
This paper addresses a fundamentally new method for analyzing the behavior of executed applications and sessions. We describe a modeling framework capable of representing, in an integrated way, the relationships among processes belonging to the same session together with the information about the underlying system calls they execute. For this purpose we leverage graph-based kernels and support vector machines (SVM) to classify either individually monitored applications or more comprehensive user sessions. Our approach can serve both as a host-level intrusion detection and application-level monitoring system and as an adaptive jail framework.
Keywords
graph theory; invasive software; support vector machines; SVM; application level monitoring; graph kernels; host-level intrusion detection; malware analysis; support vector machines; Computer architecture; Condition monitoring; In vitro; Information analysis; Intrusion detection; Kernel; Software systems; Support vector machine classification; Support vector machines; Tree graphs;
fLanguage
English
Publisher
ieee
Conference_Titel
Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on
Conference_Location
Montreal, QC
Print_ISBN
978-1-4244-5786-1
Type
conf
DOI
10.1109/MALWARE.2009.5403018
Filename
5403018