• DocumentCode
    3349064
  • Title
    Malware analysis with graph kernels and support vector machines
  • Author
    Wagner, Cynthia ; Wagener, Gerard ; State, Radu ; Engel, Thomas
  • Author_Institution
    Secan-Lab., Univ. of Luxembourg, Luxembourg, Luxembourg
  • fYear
    2009
  • fDate
    13-14 Oct. 2009
  • Firstpage
    63
  • Lastpage
    68
  • Abstract
    This paper addresses a fundamentally new method for analyzing the behavior of executed applications and sessions. We describe a modeling framework capable of representing relationships among processes belonging to the same session in an integrated way, as well as the information related to the underlying system calls executed. We leverage for this purpose graph-based kernels and support vector machines (SVM) in order to classify either individually monitored applications or more comprehensive user sessions. Our approach can serve both as a host-level intrusion detection and application-level monitoring and as an adaptive jail framework.
  • Keywords
    graph theory; invasive software; support vector machines; SVM; application level monitoring; graph kernels; host-level intrusion detection; malware analysis; support vector machines; Computer architecture; Condition monitoring; In vitro; Information analysis; Intrusion detection; Kernel; Software systems; Support vector machine classification; Support vector machines; Tree graphs;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on
  • Conference_Location
    Montreal, QC
  • Print_ISBN
    978-1-4244-5786-1
  • Type
    conf
  • DOI
    10.1109/MALWARE.2009.5403018
  • Filename
    5403018