Conference Topic

Mining Distinguishing Patterns Based on Malware Traces

Automatically generating malicious behavior patterns from system call traces is important for malware detection. This paper studies existing methods for generating malicious behavior specifications. To reduce the complexity of pattern generation, it constructs graphs whose vertex labels are unique and uses these graphs to mine patterns. To address the limitations of the minimal contrast subgraph mining method, it uses multiple positive and negative samples and proposes a method for mining distinguishing patterns based on mutual information. It designs the overall framework of the mining process and gives the mining algorithm. Finally, validation results demonstrate its effectiveness.

Malicious behavior; System Call Trace; Subgraph Mining; Distinguishing Pattern; Mutual Information

Xiaoyan Sun, Qian Huang, Yuefei Zhu, Ning Guo

Zhengzhou Information Science and Technology Institute, Zhengzhou, Henan, China; Lanzhou University, Lanzhou, Gansu, China

International conference

2010 3rd IEEE International Conference on Computer Science and Information Technology (ICCSIT 2010)

Chengdu

English

677-681

2010-07-07 (date first posted online on the Wanfang platform; does not represent the paper's publication date)