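@inproceedings{52a0380bcba14ca796a5770a2f795043,
  author        = {Canzanese, Raymond and Mancoridis, Spiros and Kam, Moshe},
  title         = {System Call-Based Detection of Malicious Processes},
  booktitle     = {Proceedings - 2015 {IEEE} International Conference on Software Quality, Reliability and Security, {QRS} 2015},
  publisher     = {Institute of Electrical and Electronics Engineers Inc.},
  address       = {United States},
  year          = {2015},
  month         = sep,
  day           = {21},
  pages         = {119--124},
  doi           = {10.1109/QRS.2015.26},
  language      = {English (US)},
  keywords      = {detection, machine learning, malware, system call analysis},
  abstract      = {System call analysis is a behavioral malware detection technique that is popular due to its promising detection results and ease of implementation. This study describes a system that uses system call analysis to detect malware that evade traditional defenses. The system monitors executing processes to identify compromised hosts in production environments. Experimental results compare the effectiveness of multiple feature extraction strategies and detectors based on their detection accuracy at low false positive rates. Logistic regression and support vector machines consistently outperform log-likelihood ratio and signature detectors as processing and detection methods. A feature selection study indicates that a relatively small set of system call 3-grams provide detection accuracy comparable to that of more complex models. A case study indicates that the detection system performs well against a variety of malware samples, benign workloads, and host configurations.},
  note          = {Publisher Copyright: {\textcopyright} 2015 IEEE.; IEEE International Conference on Software Quality, Reliability and Security, QRS 2015 ; Conference date: 03-08-2015 Through 05-08-2015},
  internal-note = {Defensive reference: host-based behavioral malware detection using system-call 3-grams, with detectors compared by accuracy at low false-positive rates. Authors stored in "Last, First" form; the former series field was a verbatim duplicate of booktitle and was dropped so styles do not print the proceedings title twice; acronyms in booktitle are braced to survive style recasing.},
}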