A Bray-Curtis Weighted Automaton for Detecting Malicious Code Through System-Call Analysis

Bibliographic Details
Published in: 2009 11th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, pp. 392-400
Main Author: Pungila, Ciprian-Petrisor
Format: Conference Proceeding
Language: English
Published: IEEE 01.09.2009
ISBN: 1424459109, 9781424459100
DOI: 10.1109/SYNASC.2009.41

Summary: Malicious code detection is one of the top subjects of interest for intrusion detection systems in today's computer security research areas. In this paper we propose a new heuristic method for detecting malicious code through system call matching, which also takes into consideration the time of the system call, by using an adaptive search for an extended Aho-Corasick automaton supporting a subset of the regular expressions language, through the use of a normalization technique known as the Bray-Curtis (Sorensen) distance. We will also discuss how this technique can be applied to enrich the set of existing rules from the knowledge base for improving the detection rate.