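@comment{ICAC 2011 paper on kernel-level, sensor-based malware detection.
  Normalised from a publisher/Pure export: brace delimiters instead of
  quotes, authors in unambiguous "Last, First" form, acronyms protected in
  booktitle, the copyright boilerplate dropped from note (conference dates
  kept), publisher added (10.1145 is the ACM DOI prefix), and the series
  field removed because it duplicated booktitle verbatim, which makes most
  styles print the proceedings title twice. The citation key is unchanged so
  existing cite commands keep resolving.}
@inproceedings{4d596ecb26234338833b92a9fc763333,
  author    = {Canzanese, Raymond and Kam, Moshe and Mancoridis, Spiros},
  title     = {Inoculation Against Malware Infection Using Kernel-Level Software Sensors},
  booktitle = {Proceedings of the 8th {ACM} International Conference on Autonomic Computing, {ICAC} 2011 and Co-located Workshops},
  year      = {2011},
  pages     = {101--110},
  publisher = {ACM},
  doi       = {10.1145/1998582.1998600},
  isbn      = {9781450306072},
  keywords  = {fault tolerance, malware detection, system monitoring},
  language  = {English (US)},
  note      = {8th ACM International Conference on Autonomic Computing (ICAC 2011) and Co-located Workshops; conference held 14--18 June 2011},
  abstract  = {We present a technique for dynamic malware detection that relies on a set of sensors that monitor the interaction of applications with the underlying operating system. By monitoring the requests that each process makes to kernel-level operating system functions, we build a statistical model that describes both clean and infected systems in terms of the distribution of data collected from each sensor. The model parameters are learned from labeled training data gathered from machines infected with canonical samples of malware. We present a technique for detecting malware using the Neyman-Pearson test from classical detection theory. This technique classifies a system as either clean or infected at runtime as measurements are collected from the sensors. We provide experimental results that illustrate the effectiveness of this technique for a selection of malware samples. Additionally, we provide a performance analysis of our sensing and detection techniques in terms of the overhead they introduce to the system. Finally, we show this method to be effective in detecting previously unknown malware when trained to detect similar malware under similar load conditions.},
}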