Run-time classification of malicious processes using system call analysis

Raymond Canzanese, Spiros Mancoridis, Moshe Kam

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

14 Scopus citations

Abstract

This study presents a malware classification system designed to classify malicious processes at run-time on production hosts. The system monitors process-level system call activity and uses information extracted from system call traces as inputs to the classifier. The system is advantageous because it does not require the use of specialized analysis environments. Instead, a 'lightweight' service application monitors process execution and classifies new malware samples based on their behavioral similarity to known malware. This study compares the effectiveness of multiple feature sets, ground truth labeling schemes, and machine learning algorithms for malware classification. The accuracy of the classification system is evaluated against process-level system call traces of recently discovered malware samples collected from production environments. Experimental results indicate that accurate classification results can be achieved using relatively short system call traces and simple representations.
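The abstract describes the general approach (turn a process's system call trace into a simple feature representation, then assign the process to the known malware family it most resembles) without giving the paper's actual feature sets or classifier. The following is an added illustration of that idea, not the authors' code: it uses system-call bigram bags as the "simple representation" and a nearest-centroid similarity rule as the classifier. The traces, family names and thresholds are constructed for the example, and a trace that is too short or unlike every profile is reported as unknown rather than forced into a family, which is the behaviour a run-time monitor on a production host would want.

```python
from collections import Counter
from math import sqrt

# Constructed, hypothetical system call traces standing in for labelled
# "known malware" samples. The call names and family labels are illustrative
# only and are not taken from the paper.
KNOWN_TRACES = {
    "family_a": [
        ["open", "read", "write", "close", "open", "read", "write", "close"],
        ["open", "read", "read", "write", "close"],
    ],
    "family_b": [
        ["socket", "connect", "send", "recv", "socket", "connect", "send"],
        ["socket", "connect", "send", "close"],
    ],
}


def ngram_features(trace, n=2):
    """Represent a trace as a bag of system-call n-grams: local call order is
    kept inside each window, absolute position in the trace is discarded."""
    return Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))


def unit_vector(counts):
    """Scale a feature bag to unit length so that a long trace does not
    outweigh a short one purely by volume."""
    norm = sqrt(sum(v * v for v in counts.values()))
    return {k: v / norm for k, v in counts.items()} if norm else {}


def cosine(a, b):
    """Cosine similarity between two sparse feature vectors (dicts)."""
    dot = sum(w * b.get(k, 0.0) for k, w in a.items())
    na = sqrt(sum(w * w for w in a.values()))
    nb = sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def build_profiles(known, n=2):
    """One centroid per family: the mean of its samples' unit feature vectors."""
    profiles = {}
    for family, traces in known.items():
        centroid = Counter()
        for trace in traces:
            centroid.update(unit_vector(ngram_features(trace, n)))
        profiles[family] = {k: v / len(traces) for k, v in centroid.items()}
    return profiles


def classify(trace, profiles, n=2, min_calls=4, threshold=0.2):
    """Assign a running process's trace to the most similar known family.

    Returns (family, score). Traces with fewer than min_calls calls cannot
    carry enough n-grams to judge, and traces whose best similarity is below
    threshold resemble no known family; both are reported as 'unknown'.
    (min_calls and threshold are arbitrary values chosen for this example.)
    """
    if len(trace) < min_calls:
        return ("unknown", 0.0)
    query = unit_vector(ngram_features(trace, n))
    best_family, best_score = "unknown", 0.0
    for family, centroid in profiles.items():
        score = cosine(query, centroid)
        if score > best_score:
            best_family, best_score = family, score
    if best_score < threshold:
        return ("unknown", best_score)
    return (best_family, best_score)


if __name__ == "__main__":
    profiles = build_profiles(KNOWN_TRACES)
    # Constructed traces of "new" processes observed at run-time.
    for observed in (
        ["open", "read", "write", "close", "open", "read"],
        ["socket", "connect", "send", "recv"],
        ["mmap", "brk", "exit_group", "mmap"],
    ):
        print(observed, "->", classify(observed, profiles))
```

Because only a bag of short n-grams is kept per process, the feature vector can be updated incrementally as calls arrive, which is what makes this kind of representation cheap enough for a lightweight monitoring service; the trade-off is that a representation this simple is easy for an adversary to dilute with benign-looking calls, so the similarity threshold and the minimum trace length should be tuned against real false-positive and false-negative rates rather than fixed as above.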

Original language: English (US)
Title of host publication: 2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 21-28
Number of pages: 8
ISBN (Electronic): 9781509003174
DOIs
State: Published - Feb 18 2016
Event: 10th International Conference on Malicious and Unwanted Software, MALWARE 2015 - Fajardo, United States
Duration: Oct 20 2015 - Oct 22 2015

Publication series

Name: 2015 10th International Conference on Malicious and Unwanted Software, MALWARE 2015

Other

Other: 10th International Conference on Malicious and Unwanted Software, MALWARE 2015
Country: United States
City: Fajardo
Period: 10/20/15 - 10/22/15

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Keywords

  • Algorithm design and analysis
  • Decision trees
  • Feature extraction
  • Heuristic algorithms
  • Malware
  • Training
  • Vegetation
