Method for Detecting Unknown Malicious Executables
暂无分享,去创建一个
We present a method for detecting new malicious executables, which comprises the steps of: (a) in a training phase, finding a collection of system call sequences that are characteristic only to malicious files, and storing said sequences in a database; (b) in a runtime phase, for each running executable, continuously monitoring its issued run-time system calls and comparing with the stored sequences within the database, and when a match is found, declaring said executable as malicious.
[1] Marcus A. Maloof,et al. Learning to detect malicious executables in the wild , 2004, KDD.
[2] Mohammed J. Zaki,et al. SPADE: An Efficient Algorithm for Mining Frequent Sequences , 2004, Machine Learning.