DOE Patents | U.S. Department of Energy
Office of Scientific and Technical Information

Title: Integrating multiple data sources for malware classification

Abstract

Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.

Inventors:
Anderson, Blake Harrell; Storlie, Curtis B; Lane, Terran
Issue Date:
Research Org.:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1178661
Patent Number(s):
9,021,589
Application Number:
13/909,985
Assignee:
Los Alamos National Security, LLC (Los Alamos, NM)
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 2013 Jun 04
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. Integrating multiple data sources for malware classification. United States: N. p., 2015. Web.
Anderson, Blake Harrell, Storlie, Curtis B, & Lane, Terran. Integrating multiple data sources for malware classification. United States.
Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. Tue . "Integrating multiple data sources for malware classification". United States. https://www.osti.gov/servlets/purl/1178661.
@article{osti_1178661,
title = {Integrating multiple data sources for malware classification},
author = {Anderson, Blake Harrell and Storlie, Curtis B and Lane, Terran},
place = {United States},
year = {2015},
month = {4}
}
