Recognizing malicious software behaviors with tree automata inference


Ontology type: schema:ScholarlyArticle      Open Access: True


Article Info

DATE

2012-04-11

AUTHORS

Domagoj Babić, Daniel Reynaud, Dawn Song

ABSTRACT

We explore how formal methods and tools of the verification trade could be used for malware detection and analysis. In particular, we propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. Our approach infers k-testable tree automata from system call dataflow dependency graphs. We show how inferred automata can be used for malware recognition and classification.

PAGES

107-128

References to SciGraph publications

  • 2001. Automata Theory and its Applications in NONE
  • 2005. Detecting Malicious Code by Model Checking in DETECTION OF INTRUSIONS AND MALWARE, AND VULNERABILITY ASSESSMENT
  • 2008-09-27. Architecture of a morphological malware detector in JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES
  • 2011. Malware Analysis with Tree Automata Inference in COMPUTER AIDED VERIFICATION
  • 2007. Using Verification Technology to Specify and Detect Malware in COMPUTER AIDED SYSTEMS THEORY – EUROCAST 2007
  • 2008-01-01. Automatically Identifying Trigger-based Behavior in Malware in BOTNET DETECTION
Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/s10703-012-0149-1

    DOI

    http://dx.doi.org/10.1007/s10703-012-0149-1

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1048771704



    JSON-LD is the canonical representation for SciGraph data.


    [
      {
        "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
        "about": [
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Information and Computing Sciences", 
            "type": "DefinedTerm"
          }, 
          {
            "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0803", 
            "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
            "name": "Computer Software", 
            "type": "DefinedTerm"
          }
        ], 
        "author": [
          {
            "affiliation": {
              "alternateName": "Computer Science Division, University of California, 94720-1776, Berkeley, CA, USA", 
              "id": "http://www.grid.ac/institutes/grid.47840.3f", 
              "name": [
                "Computer Science Division, University of California, 94720-1776, Berkeley, CA, USA"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Babi\u0107", 
            "givenName": "Domagoj", 
            "id": "sg:person.013233315515.57", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013233315515.57"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Computer Science Division, University of California, 94720-1776, Berkeley, CA, USA", 
              "id": "http://www.grid.ac/institutes/grid.47840.3f", 
              "name": [
                "Computer Science Division, University of California, 94720-1776, Berkeley, CA, USA"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Reynaud", 
            "givenName": "Daniel", 
            "id": "sg:person.012604260402.56", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012604260402.56"
            ], 
            "type": "Person"
          }, 
          {
            "affiliation": {
              "alternateName": "Computer Science Division, University of California, 94720-1776, Berkeley, CA, USA", 
              "id": "http://www.grid.ac/institutes/grid.47840.3f", 
              "name": [
                "Computer Science Division, University of California, 94720-1776, Berkeley, CA, USA"
              ], 
              "type": "Organization"
            }, 
            "familyName": "Song", 
            "givenName": "Dawn", 
            "id": "sg:person.01143152610.86", 
            "sameAs": [
              "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01143152610.86"
            ], 
            "type": "Person"
          }
        ], 
        "citation": [
          {
            "id": "sg:pub.10.1007/978-3-642-22110-1_10", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1038042348", 
              "https://doi.org/10.1007/978-3-642-22110-1_10"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/11506881_11", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1011500773", 
              "https://doi.org/10.1007/11506881_11"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-3-540-75867-9_63", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1043402629", 
              "https://doi.org/10.1007/978-3-540-75867-9_63"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-0-387-68768-1_4", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1035754722", 
              "https://doi.org/10.1007/978-0-387-68768-1_4"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/s11416-008-0102-4", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1025528396", 
              "https://doi.org/10.1007/s11416-008-0102-4"
            ], 
            "type": "CreativeWork"
          }, 
          {
            "id": "sg:pub.10.1007/978-1-4612-0171-7", 
            "sameAs": [
              "https://app.dimensions.ai/details/publication/pub.1034425125", 
              "https://doi.org/10.1007/978-1-4612-0171-7"
            ], 
            "type": "CreativeWork"
          }
        ], 
        "datePublished": "2012-04-11", 
        "datePublishedReg": "2012-04-11", 
        "description": "We explore how formal methods and tools of the verification trade could be used for malware detection and analysis. In particular, we propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. Our approach infers k-testable tree automata from system call dataflow dependency graphs. We show how inferred automata can be used for malware recognition and classification.", 
        "genre": "article", 
        "id": "sg:pub.10.1007/s10703-012-0149-1", 
        "inLanguage": "en", 
        "isAccessibleForFree": true, 
        "isPartOf": [
          {
            "id": "sg:journal.1052628", 
            "issn": [
              "0925-9856", 
              "1572-8102"
            ], 
            "name": "Formal Methods in System Design", 
            "publisher": "Springer Nature", 
            "type": "Periodical"
          }, 
          {
            "issueNumber": "1", 
            "type": "PublicationIssue"
          }, 
          {
            "type": "PublicationVolume", 
            "volumeNumber": "41"
          }
        ], 
        "keywords": [
          "malicious software behaviors", 
          "software behavior", 
          "malware detection", 
          "malware recognition", 
          "malware behavior", 
          "formal methods", 
          "inferred automata", 
          "dependency graph", 
          "tree automata", 
          "automata", 
          "new approach", 
          "inference", 
          "graph", 
          "classification", 
          "recognition", 
          "tool", 
          "detection", 
          "method", 
          "behavior", 
          "trade", 
          "analysis", 
          "approach"
        ], 
        "name": "Recognizing malicious software behaviors with tree automata inference", 
        "pagination": "107-128", 
        "productId": [
          {
            "name": "dimensions_id", 
            "type": "PropertyValue", 
            "value": [
              "pub.1048771704"
            ]
          }, 
          {
            "name": "doi", 
            "type": "PropertyValue", 
            "value": [
              "10.1007/s10703-012-0149-1"
            ]
          }
        ], 
        "sameAs": [
          "https://doi.org/10.1007/s10703-012-0149-1", 
          "https://app.dimensions.ai/details/publication/pub.1048771704"
        ], 
        "sdDataset": "articles", 
        "sdDatePublished": "2022-05-10T10:04", 
        "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
        "sdPublisher": {
          "name": "Springer Nature - SN SciGraph project", 
          "type": "Organization"
        }, 
        "sdSource": "s3://com-springernature-scigraph/baseset/20220509/entities/gbq_results/article/article_575.jsonl", 
        "type": "ScholarlyArticle", 
        "url": "https://doi.org/10.1007/s10703-012-0149-1"
      }
    ]
     


    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON.

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s10703-012-0149-1'

    N-Triples is a line-based linked data format ideal for batch operations.

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s10703-012-0149-1'

    Turtle is a human-readable linked data format.

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s10703-012-0149-1'

    RDF/XML is a standard XML format for linked data.

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s10703-012-0149-1'


     

    This table displays all metadata directly associated to this object as RDF triples.

    118 TRIPLES      22 PREDICATES      53 URIs      39 LITERALS      6 BLANK NODES

     



