skip to main content
DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Integrating multiple data sources for malware classification

Abstract

Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.

Inventors:
; ;
Issue Date:
Research Org.:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1178661
Patent Number(s):
9021589
Application Number:
13/909,985
Assignee:
Los Alamos National Security, LLC (Los Alamos, NM)
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 2013 Jun 04
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. Integrating multiple data sources for malware classification. United States: N. p., 2015. Web.
Anderson, Blake Harrell, Storlie, Curtis B, & Lane, Terran. Integrating multiple data sources for malware classification. United States.
Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. Tue . "Integrating multiple data sources for malware classification". United States. https://www.osti.gov/servlets/purl/1178661.
@article{osti_1178661,
title = {Integrating multiple data sources for malware classification},
author = {Anderson, Blake Harrell and Storlie, Curtis B and Lane, Terran},
abstractNote = {Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2015},
month = {4}
}

Patent:

Save / Share:

Works referenced in this record:

Malware analysis with graph kernels and support vector machines
conference, October 2009


The Adaptive Lasso and Its Oracle Properties
journal, December 2006


Regularization and variable selection via the elastic net
journal, April 2005


Improving malware classification: bridging the static/dynamic gap
conference, January 2012


Graph-based malware detection using dynamic analysis
journal, June 2011


Large-scale malware indexing using function-call graphs
conference, January 2009


Learning to detect malicious executables in the wild
conference, January 2004


Polymorphic Worm Detection Using Structural Information of Executables
book, January 2006


N-gram analysis for computer virus detection
journal, November 2006