OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Integrating multiple data sources for malware classification

Abstract

Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.

Inventors:
Anderson, Blake Harrell; Storlie, Curtis B; Lane, Terran
Publication Date:
Research Org.:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1178661
Patent Number(s):
9,021,589
Application Number:
13/909,985
Assignee:
Los Alamos National Security, LLC (Los Alamos, NM) LANL
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 2013 Jun 04
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. Integrating multiple data sources for malware classification. United States: N. p., 2015. Web.
Anderson, Blake Harrell, Storlie, Curtis B, & Lane, Terran. Integrating multiple data sources for malware classification. United States.
Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. 2015. "Integrating multiple data sources for malware classification". United States. https://www.osti.gov/servlets/purl/1178661.
@article{osti_1178661,
title = {Integrating multiple data sources for malware classification},
author = {Anderson, Blake Harrell and Storlie, Curtis B and Lane, Terran},
abstractNote = {Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.},
place = {United States},
year = {2015},
month = {4}
}

Works referenced in this record:

Polymorphic Worm Detection Using Structural Information of Executables
book, January 2006

  • Kruegel, Christopher; Kirda, Engin; Mutz, Darren
  • Recent Advances in Intrusion Detection, p. 207-226
  • DOI: 10.1007/11663812_11