Method for Detecting Unknown Malicious Executables

  • Authors:
  • Boris Rozenberg
  • Ehud Gudes
  • Yuval Elovici
  • Yuval Fledel

  • Affiliations:
  • Boris Rozenberg, Ehud Gudes: Deutsche Telekom Laboratories at BGU and Department of Computer Science, Ben Gurion University, Beer Sheva, Israel 84105
  • Yuval Elovici, Yuval Fledel: Deutsche Telekom Laboratories at BGU and Department of Information System Engineering, Ben Gurion University, Beer Sheva, Israel 84105

  • Venue:
  • RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
  • Year:
  • 2009

Abstract

We present a method for detecting new malicious executables, which comprises the following steps: (a) in a training phase, finding a collection of system call sequences that are characteristic only of malicious files, and storing these sequences in a database; (b) in a runtime phase, for each running executable, continuously monitoring the system calls it issues at run time and comparing them with the sequences stored in the database, and when a match is found, declaring that executable malicious.
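The two phases described in the abstract, as an added illustration that is not the paper's own code: the abstract does not state how sequences are chosen or how long they are, so fixed-length contiguous n-grams (n = 3) and a sliding-window match are assumptions here, and the benign and malicious traces are constructed sample data.

```python
from collections import deque
from typing import Iterable, Optional, Sequence, Tuple

SysCallSeq = Tuple[str, ...]

# Constructed sample traces for illustration only, not the paper's dataset.
# Each trace is the ordered list of system call names one executable issued.
BENIGN_TRACES = [
    ["open", "read", "read", "close", "exit"],
    ["open", "mmap", "read", "close", "socket", "connect", "send", "close", "exit"],
    ["fork", "execve", "open", "read", "write", "close", "exit"],
]
MALICIOUS_TRACES = [
    ["open", "read", "socket", "connect", "send", "close", "exit"],
    ["open", "write", "chmod", "execve", "exit"],
    ["socket", "connect", "recv", "open", "write", "chmod", "execve"],
]


def ngrams(trace: Sequence[str], n: int) -> set:
    """All contiguous length-n system call sequences that occur in a trace."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}


def build_signature_db(malicious, benign, n: int = 3) -> frozenset:
    """Training phase (assumed n-gram variant): keep only the sequences that
    occur in at least one malicious trace and in no benign trace. Sequences
    shared with benign software, e.g. (socket, connect, send), are dropped
    so they cannot trigger false positives at run time."""
    mal = set().union(*(ngrams(t, n) for t in malicious))
    ben = set().union(*(ngrams(t, n) for t in benign))
    return frozenset(mal - ben)


def scan_trace(syscalls: Iterable[str], db: frozenset,
               n: int = 3) -> Optional[Tuple[int, SysCallSeq]]:
    """Runtime phase: feed system calls one at a time through a sliding
    window of length n and compare each window with the database. Returns
    (offset of first call, sequence) for the first stored sequence observed,
    or None if the whole trace passes without a match."""
    window: deque = deque(maxlen=n)
    for i, call in enumerate(syscalls):
        window.append(call)
        if len(window) == n and tuple(window) in db:
            return i - n + 1, tuple(window)
    return None
```

A trace never seen in training, such as open, mmap, read, socket, connect, send, exit, is still flagged because it contains the malicious-only sequence (read, socket, connect), while a benign trace that merely opens a socket after closing a file is not.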