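@inproceedings{db39f2e84b5e49ecb93703729f60f365,
  title     = {Run-Time Classification of Malicious Processes Using System Call Analysis},
  abstract  = {This study presents a malware classification system designed to classify malicious processes at run-time on production hosts. The system monitors process-level system call activity and uses information extracted from system call traces as inputs to the classifier. The system is advantageous because it does not require the use of specialized analysis environments. Instead, a 'lightweight' service application monitors process execution and classifies new malware samples based on their behavioral similarity to known malware. This study compares the effectiveness of multiple feature sets, ground truth labeling schemes, and machine learning algorithms for malware classification. The accuracy of the classification system is evaluated against process-level system call traces of recently discovered malware samples collected from production environments. Experimental results indicate that accurate classification results can be achieved using relatively short system call traces and simple representations.},
  keywords  = {Algorithm design and analysis, Decision trees, Feature extraction, Heuristic algorithms, Malware, Training, Vegetation},
  author    = {Canzanese, Raymond and Mancoridis, Spiros and Kam, Moshe},
  note      = {Funding Information: Thank you to the KEYSPOT Network, the People's Emergency Center, the Dornsife Center for Neighborhood Partnerships, the City of Philadelphia's Mayor's Commission on Literacy, Office of Innovation and Technology (OIT), and Department of Parks and Recreation (PPR) for their support of this research. This research is sponsored by a Secure and Trustworthy Cyberspace (SaTC) award from the National Science Foundation (NSF), under grant CNS-1228847, and the Isaac L. Auerbach endowed chair for Spiros Mancoridis Publisher Copyright: {\textcopyright} 2015 IEEE.; 10th International Conference on Malicious and Unwanted Software, MALWARE 2015 ; Conference date: 20-10-2015 Through 22-10-2015},
  year      = {2016},
  month     = feb,
  day       = {18},
  doi       = {10.1109/MALWARE.2015.7413681},
  language  = {English (US)},
  series    = {2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  pages     = {21--28},
  booktitle = {2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015},
  address   = {United States},
  internal-note = {address holds a country, not the publisher city; series duplicates booktitle; conference dates are only in note -- consider biblatex eventdate},
}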