Conference proceeding
Run-time Classification of Malicious Processes Using System Call Analysis
2015 10TH INTERNATIONAL CONFERENCE ON MALICIOUS AND UNWANTED SOFTWARE (MALWARE), pp.21-28
01 Jan 2015
Abstract
This study presents a malware classification system designed to classify malicious processes at run-time on production hosts. The system monitors process-level system call activity and uses information extracted from system call traces as inputs to the classifier. The system is advantageous because it does not require the use of specialized analysis environments. Instead, a 'lightweight' service application monitors process execution and classifies new malware samples based on their behavioral similarity to known malware. This study compares the effectiveness of multiple feature sets, ground truth labeling schemes, and machine learning algorithms for malware classification. The accuracy of the classification system is evaluated against process-level system call traces of recently discovered malware samples collected from production environments. Experimental results indicate that accurate classification results can be achieved using relatively short system call traces and simple representations.
Details
- Title
- Run-time Classification of Malicious Processes Using System Call Analysis
- Creators
- Raymond Canzanese, Drexel Univ, Dept Elect & Comp Engn, Philadelphia, PA 19104 USA
- Spiros Mancoridis, Drexel University
- Moshe Kam, New Jersey Inst Technol, Newark Coll Engn, Newark, NJ 07102 USA
- IEEE
- Publication Details
- 2015 10TH INTERNATIONAL CONFERENCE ON MALICIOUS AND UNWANTED SOFTWARE (MALWARE), pp.21-28
- Conference
- 2015 10TH INTERNATIONAL CONFERENCE ON MALICIOUS AND UNWANTED SOFTWARE (MALWARE), 10th
- Publisher
- IEEE
- Number of pages
- 8
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Identifiers
- 991019170491104721
InCites Highlights
These are selected metrics from the InCites Benchmarking & Analytics tool related to this output.
- Collaboration types
- Domestic collaboration
- Web of Science research areas
- Computer Science, Software Engineering