Malware Analysis with Tree Automata Inference


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2011

AUTHORS

Domagoj Babić , Daniel Reynaud , Dawn Song

ABSTRACT

The underground malware-based economy is flourishing and it is evident that the classical ad-hoc signature detection methods are becoming insufficient. Malware authors seem to share some source code and malware samples often feature similar behaviors, but such commonalities are difficult to detect with signature-based methods because of an increasing use of numerous freely-available randomized obfuscation tools. To address this problem, the security community is actively researching behavioral detection methods that commonly attempt to understand and differentiate how malware behaves, as opposed to just detecting syntactic patterns. We continue that line of research in this paper and explore how formal methods and tools of the verification trade could be used for malware detection and analysis. We propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. In particular, we develop an algorithm for inferring k-testable tree automata from system call dataflow dependency graphs and discuss the use of inferred automata in malware recognition and classification.
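The abstract only names the technique. The following is an added example (it is not code from the paper or its authors) showing what k-testable tree automaton inference does on toy system-call dependency trees, and in particular how k controls how far the inferred automaton generalizes beyond the observed samples. The tree encoding, the level/truncation conventions (the standard root/fork/leaf construction, with my own index convention, which may differ from the paper's), the syscall names and the dependency trees are all my own constructions; the paper's actual algorithm, including how it builds trees from dataflow dependency graphs, is not reproduced here.

```python
"""k-testable tree automaton inference over constructed syscall dependency trees.

Conventions (mine, kept self-consistent; the paper may index differently):
  levels(t)     number of levels in t (a lone node has 1 level)
  top(t, d)     t with every node below its first d levels removed
  roots   = { top(t, k-1) : t in sample }
  forks   = { top(s, k)   : s subtree of a sample tree, levels(s) >= k }
  leaves  = { s           : s subtree of a sample tree, levels(s) <  k }
A tree is accepted iff its (k-1)-top is in roots, every k-level pattern in
it is in forks, and every small complete subtree is in leaves.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterator, Optional, Tuple

# A tree is a nested tuple (label, children). Tuples are hashable, so trees can
# be set members and automaton states. Children are ordered, as syscall
# argument positions are.
Tree = Tuple[str, tuple]


def node(label: str, *children: Tree) -> Tree:
    return (label, tuple(children))


def levels(t: Tree) -> int:
    return 1 + max((levels(c) for c in t[1]), default=0)


def top(t: Tree, d: int) -> Tree:
    if d <= 1:
        return (t[0], ())
    return (t[0], tuple(top(c, d - 1) for c in t[1]))


def subtrees(t: Tree) -> Iterator[Tree]:
    yield t
    for c in t[1]:
        yield from subtrees(c)


@dataclass(frozen=True)
class KTestableTA:
    """Bottom-up deterministic tree automaton for a k-testable language.
    A state is the (k-1)-level top of the subtree read so far; the fork and
    leaf sets act as the transition table."""
    k: int
    roots: FrozenSet[Tree]
    forks: FrozenSet[Tree]
    leaves: FrozenSet[Tree]

    @classmethod
    def infer(cls, sample, k: int) -> "KTestableTA":
        """Smallest k-testable language containing every tree in sample."""
        if k < 2:
            raise ValueError("k must be >= 2")
        roots, forks, leaves = set(), set(), set()
        for t in sample:
            roots.add(top(t, k - 1))
            for s in subtrees(t):
                # top(s, k) == s when s has fewer than k levels
                (forks if levels(s) >= k else leaves).add(top(s, k))
        return cls(k, frozenset(roots), frozenset(forks), frozenset(leaves))

    def step(self, label: str, child_states) -> Optional[Tree]:
        """delta(label, q1..qn): undefined (None) unless the k-level pattern
        formed from the children's states was seen in the sample."""
        cand = (label, tuple(child_states))  # equals top(subtree, k)
        table = self.forks if levels(cand) >= self.k else self.leaves
        return top(cand, self.k - 1) if cand in table else None

    def run(self, t: Tree) -> Optional[Tree]:
        child_states = []
        for c in t[1]:
            q = self.run(c)
            if q is None:
                return None
            child_states.append(q)
        return self.step(t[0], child_states)

    def accepts(self, t: Tree) -> bool:
        q = self.run(t)
        return q is not None and q in self.roots


# Constructed dependency trees (not from the paper's data set). A node is a
# syscall; its children are the syscalls whose results flow into its
# arguments. Two observed "download, write to disk, execute" behaviours:
M1 = node("CreateProcess",
          node("WriteFile", node("CreateFile"),
               node("recv", node("connect", node("socket")))))
M2 = node("CreateProcess",
          node("WriteFile", node("CreateFile"),
               node("recv", node("recv", node("connect", node("socket"))))))
MALWARE_SAMPLE = [M1, M2]

# Unseen trees to classify: the same behaviour with three recv chunks, and a
# benign local file copy followed by execution.
LONGER_DOWNLOAD = node("CreateProcess",
          node("WriteFile", node("CreateFile"),
               node("recv", node("recv", node("recv",
                    node("connect", node("socket")))))))
BENIGN_COPY = node("CreateProcess",
          node("WriteFile", node("CreateFile"),
               node("ReadFile", node("CreateFile"))))


def classify(k: int) -> dict:
    ta = KTestableTA.infer(MALWARE_SAMPLE, k)
    return {name: ta.accepts(t) for name, t in
            [("M1", M1), ("longer_download", LONGER_DOWNLOAD),
             ("benign_copy", BENIGN_COPY)]}


if __name__ == "__main__":
    for k in (2, 3):
        print(f"k={k}: {classify(k)}")
```

With k=2 the automaton only remembers parent/child pairs, so the unseen three-chunk download is accepted (the pattern recv over recv was observed) while the benign copy is rejected (WriteFile fed by ReadFile never was). With k=3 the three-level pattern recv(recv(recv)) was never observed, so the same tree is rejected: a larger k fits the sample more tightly and generalizes less, which is the precision/recall knob a detection engineer would tune on held-out malicious and benign traces.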

PAGES

116-131

Book

TITLE

Computer Aided Verification

ISBN

978-3-642-22109-5
978-3-642-22110-1

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-642-22110-1_10

DOI

http://dx.doi.org/10.1007/978-3-642-22110-1_10

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1038042348



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of California, Berkeley, USA", 
          "id": "http://www.grid.ac/institutes/grid.47840.3f", 
          "name": [
            "University of California, Berkeley, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Babi\u0107", 
        "givenName": "Domagoj", 
        "id": "sg:person.013233315515.57", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013233315515.57"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Berkeley, USA", 
          "id": "http://www.grid.ac/institutes/grid.47840.3f", 
          "name": [
            "University of California, Berkeley, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Reynaud", 
        "givenName": "Daniel", 
        "id": "sg:person.012604260402.56", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012604260402.56"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Berkeley, USA", 
          "id": "http://www.grid.ac/institutes/grid.47840.3f", 
          "name": [
            "University of California, Berkeley, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Song", 
        "givenName": "Dawn", 
        "id": "sg:person.01143152610.86", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2011", 
    "datePublishedReg": "2011-01-01", 
    "description": "The underground malware-based economy is flourishing and it is evident that the classical ad-hoc signature detection methods are becoming insufficient. Malware authors seem to share some source code and malware samples often feature similar behaviors, but such commonalities are difficult to detect with signature-based methods because of an increasing use of numerous freely-available randomized obfuscation tools. To address this problem, the security community is actively researching behavioral detection methods that commonly attempt to understand and differentiate how malware behaves, as opposed to just detecting syntactic patterns. We continue that line of research in this paper and explore how formal methods and tools of the verification trade could be used for malware detection and analysis. We propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. In particular, we develop an algorithm for inferring k-testable tree automata from system call dataflow dependency graphs and discuss the use of inferred automata in malware recognition and classification.", 
    "editor": [
      {
        "familyName": "Gopalakrishnan", 
        "givenName": "Ganesh", 
        "type": "Person"
      }, 
      {
        "familyName": "Qadeer", 
        "givenName": "Shaz", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-642-22110-1_10", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-642-22109-5", 
        "978-3-642-22110-1"
      ], 
      "name": "Computer Aided Verification", 
      "type": "Book"
    }, 
    "keywords": [
      "signature-based methods", 
      "signature detection methods", 
      "detection method", 
      "malware detection", 
      "malware recognition", 
      "malware authors", 
      "obfuscation tools", 
      "malware behavior", 
      "malware analysis", 
      "malware samples", 
      "formal methods", 
      "source code", 
      "inferred automata", 
      "dependency graph", 
      "classical ad", 
      "security community", 
      "tree automata", 
      "syntactic patterns", 
      "automata", 
      "new approach", 
      "malware", 
      "such commonalities", 
      "line of research", 
      "algorithm", 
      "tool", 
      "inference", 
      "graph", 
      "AD", 
      "code", 
      "classification", 
      "recognition", 
      "method", 
      "detection", 
      "use", 
      "commonalities", 
      "research", 
      "community", 
      "behavior", 
      "analysis", 
      "similar behavior", 
      "authors", 
      "patterns", 
      "trade", 
      "economy", 
      "lines", 
      "samples", 
      "paper", 
      "problem", 
      "approach"
    ], 
    "name": "Malware Analysis with Tree Automata Inference", 
    "pagination": "116-131", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1038042348"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-642-22110-1_10"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-642-22110-1_10", 
      "https://app.dimensions.ai/details/publication/pub.1038042348"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-10T10:53", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220509/entities/gbq_results/chapter/chapter_45.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-642-22110-1_10"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-22110-1_10'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-22110-1_10'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-22110-1_10'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-22110-1_10'


 

This table displays all metadata directly associated to this object as RDF triples.

128 TRIPLES      23 PREDICATES      75 URIs      68 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-642-22110-1_10 schema:about anzsrc-for:08
2 anzsrc-for:0801
3 schema:author N0c769e25f05547e0bef2fe0b4f2d90e2
4 schema:datePublished 2011
5 schema:datePublishedReg 2011-01-01
6 schema:description The underground malware-based economy is flourishing and it is evident that the classical ad-hoc signature detection methods are becoming insufficient. Malware authors seem to share some source code and malware samples often feature similar behaviors, but such commonalities are difficult to detect with signature-based methods because of an increasing use of numerous freely-available randomized obfuscation tools. To address this problem, the security community is actively researching behavioral detection methods that commonly attempt to understand and differentiate how malware behaves, as opposed to just detecting syntactic patterns. We continue that line of research in this paper and explore how formal methods and tools of the verification trade could be used for malware detection and analysis. We propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. In particular, we develop an algorithm for inferring k-testable tree automata from system call dataflow dependency graphs and discuss the use of inferred automata in malware recognition and classification.
7 schema:editor Ne37212aa2e3c4e9cafd4d7fb822a4d07
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree true
11 schema:isPartOf N0ae6412fa5b94ae1973b5670f82dc237
12 schema:keywords AD
13 algorithm
14 analysis
15 approach
16 authors
17 automata
18 behavior
19 classical ad
20 classification
21 code
22 commonalities
23 community
24 dependency graph
25 detection
26 detection method
27 economy
28 formal methods
29 graph
30 inference
31 inferred automata
32 line of research
33 lines
34 malware
35 malware analysis
36 malware authors
37 malware behavior
38 malware detection
39 malware recognition
40 malware samples
41 method
42 new approach
43 obfuscation tools
44 paper
45 patterns
46 problem
47 recognition
48 research
49 samples
50 security community
51 signature detection methods
52 signature-based methods
53 similar behavior
54 source code
55 such commonalities
56 syntactic patterns
57 tool
58 trade
59 tree automata
60 use
61 schema:name Malware Analysis with Tree Automata Inference
62 schema:pagination 116-131
63 schema:productId N85790761e98c414f8568ad7214dbb646
64 Nc019e37dd4c04188b528afbc33aab769
65 schema:publisher N9735ac1c25e14262aae012aecca39c37
66 schema:sameAs https://app.dimensions.ai/details/publication/pub.1038042348
67 https://doi.org/10.1007/978-3-642-22110-1_10
68 schema:sdDatePublished 2022-05-10T10:53
69 schema:sdLicense https://scigraph.springernature.com/explorer/license/
70 schema:sdPublisher N5ce81942c74f4a27a8a3f76ae1ec1861
71 schema:url https://doi.org/10.1007/978-3-642-22110-1_10
72 sgo:license sg:explorer/license/
73 sgo:sdDataset chapters
74 rdf:type schema:Chapter
75 N0ad94b2caffe42a4b509d5ad974c031f rdf:first N27b8f8bb7f134f6992643a3d930317fb
76 rdf:rest rdf:nil
77 N0ae6412fa5b94ae1973b5670f82dc237 schema:isbn 978-3-642-22109-5
78 978-3-642-22110-1
79 schema:name Computer Aided Verification
80 rdf:type schema:Book
81 N0c14924d0fb94a1891b3302fe0fb8c0b rdf:first sg:person.012604260402.56
82 rdf:rest N6e4306b3d6c8403c988a427ad8d798c6
83 N0c769e25f05547e0bef2fe0b4f2d90e2 rdf:first sg:person.013233315515.57
84 rdf:rest N0c14924d0fb94a1891b3302fe0fb8c0b
85 N27b8f8bb7f134f6992643a3d930317fb schema:familyName Qadeer
86 schema:givenName Shaz
87 rdf:type schema:Person
88 N5ce81942c74f4a27a8a3f76ae1ec1861 schema:name Springer Nature - SN SciGraph project
89 rdf:type schema:Organization
90 N61db56de19cc4a12bc5dc52cf8da8fa7 schema:familyName Gopalakrishnan
91 schema:givenName Ganesh
92 rdf:type schema:Person
93 N6e4306b3d6c8403c988a427ad8d798c6 rdf:first sg:person.01143152610.86
94 rdf:rest rdf:nil
95 N85790761e98c414f8568ad7214dbb646 schema:name doi
96 schema:value 10.1007/978-3-642-22110-1_10
97 rdf:type schema:PropertyValue
98 N9735ac1c25e14262aae012aecca39c37 schema:name Springer Nature
99 rdf:type schema:Organisation
100 Nc019e37dd4c04188b528afbc33aab769 schema:name dimensions_id
101 schema:value pub.1038042348
102 rdf:type schema:PropertyValue
103 Ne37212aa2e3c4e9cafd4d7fb822a4d07 rdf:first N61db56de19cc4a12bc5dc52cf8da8fa7
104 rdf:rest N0ad94b2caffe42a4b509d5ad974c031f
105 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
106 schema:name Information and Computing Sciences
107 rdf:type schema:DefinedTerm
108 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
109 schema:name Artificial Intelligence and Image Processing
110 rdf:type schema:DefinedTerm
111 sg:person.01143152610.86 schema:affiliation grid-institutes:grid.47840.3f
112 schema:familyName Song
113 schema:givenName Dawn
114 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86
115 rdf:type schema:Person
116 sg:person.012604260402.56 schema:affiliation grid-institutes:grid.47840.3f
117 schema:familyName Reynaud
118 schema:givenName Daniel
119 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012604260402.56
120 rdf:type schema:Person
121 sg:person.013233315515.57 schema:affiliation grid-institutes:grid.47840.3f
122 schema:familyName Babić
123 schema:givenName Domagoj
124 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013233315515.57
125 rdf:type schema:Person
126 grid-institutes:grid.47840.3f schema:alternateName University of California, Berkeley, USA
127 schema:name University of California, Berkeley, USA
128 rdf:type schema:Organization