Abstract | ||
---|---|---|
This study presents a malware classification system designed to classify malicious processes at run-time on production hosts. The system monitors process-level system call activity and uses information extracted from system call traces as inputs to the classifier. The system is advantageous because it does not require the use of specialized analysis environments. Instead, a `lightweight¿ service application monitors process execution and classifies new malware samples based on their behavioral similarity to known malware. This study compares the effectiveness of multiple feature sets, ground truth labeling schemes, and machine learning algorithms for malware classification. The accuracy of the classification system is evaluated against processlevel system call traces of recently discovered malware samples collected from production environments. Experimental results indicate that accurate classification results can be achieved using relatively short system call traces and simple representations. |
Year | DOI | Venue |
---|---|---|
2015 | 10.1109/MALWARE.2015.7413681 | MALWARE |
Keywords | Field | DocType |
run-time classification,malicious process,system call analysis,malware classification system,process-level system,process execution,ground truth labeling scheme,machine learning algorithm | Data mining,Decision tree,Algorithm design,Computer science,Computer security,Feature extraction,System call,Ground truth,Artificial intelligence,Classifier (linguistics),Malware,Machine learning | Conference |
ISBN | Citations | PageRank |
978-1-5090-0317-4 | 4 | 0.39 |
References | Authors | |
22 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Raymond Canzanese | 1 | 26 | 2.23 |
Spiros Mancoridis | 2 | 888 | 56.82 |
Moshe Kam | 3 | 290 | 49.13 |