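@comment{Conference paper from MALWARE 2015. The year/month/day fields (2016-02-18)
  appear to give the publication date rather than the conference date, which the
  note field records as 20-10-2015 through 22-10-2015 -- presumably; verify against
  the publisher record. Author names are stored in unambiguous "Last, First" form.}
@inproceedings{db39f2e84b5e49ecb93703729f60f365,
  title     = {Run-time classification of malicious processes using system call analysis},
  abstract  = {This study presents a malware classification system designed to classify malicious processes at run-time on production hosts. The system monitors process-level system call activity and uses information extracted from system call traces as inputs to the classifier. The system is advantageous because it does not require the use of specialized analysis environments. Instead, a 'lightweight' service application monitors process execution and classifies new malware samples based on their behavioral similarity to known malware. This study compares the effectiveness of multiple feature sets, ground truth labeling schemes, and machine learning algorithms for malware classification. The accuracy of the classification system is evaluated against process-level system call traces of recently discovered malware samples collected from production environments. Experimental results indicate that accurate classification results can be achieved using relatively short system call traces and simple representations.},
  keywords  = {Algorithm design and analysis, Decision trees, Feature extraction, Heuristic algorithms, Malware, Training, Vegetation},
  author    = {Canzanese, Raymond and Mancoridis, Spiros and Kam, Moshe},
  note      = {Publisher Copyright: {\textcopyright} 2015 IEEE.; 10th International Conference on Malicious and Unwanted Software, MALWARE 2015 ; Conference date: 20-10-2015 Through 22-10-2015},
  year      = {2016},
  month     = feb,
  day       = {18},
  doi       = {10.1109/MALWARE.2015.7413681},
  language  = {English (US)},
  series    = {2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  pages     = {21--28},
  booktitle = {2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015},
  address   = {United States},
}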