Title:
Malware analysis with graph kernels and support vector machines
Author:
Wagner, Cynthia; Wagener, Gerard; State, Radu; Engel, Thomas
Author Institution:
Secan-Lab, University of Luxembourg, Luxembourg, Luxembourg
Abstract:
This paper presents a fundamentally new method for analyzing the behavior of executed applications and sessions. We describe a modeling framework that represents, in an integrated way, the relationships among processes belonging to the same session together with the information about the underlying system calls they execute. On this representation we apply graph-based kernels and support vector machines (SVM) to classify either individually monitored applications or more comprehensive user sessions. The approach can serve both as a host-level intrusion detection and application-level monitoring system and as an adaptive jail framework.
Keywords:
graph theory; invasive software; support vector machines; SVM; application level monitoring; graph kernels; host-level intrusion detection; malware analysis; Computer architecture; Condition monitoring; In vitro; Information analysis; Intrusion detection; Kernel; Software systems; Support vector machine classification; Support vector machines; Tree graphs
Conference Title:
Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on
Conference Location:
Montreal, QC
Print ISBN:
978-1-4244-5786-1
DOI:
10.1109/MALWARE.2009.5403018