Integrating multiple data sources for malware classification

Anderson, Blake Harrell; Storlie, Curtis B; Lane, Terran

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Integrating multiple data sources for malware classification

Abstract

Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.

Inventors:: Anderson, Blake Harrell; Storlie, Curtis B; Lane, Terran

Issue Date:: Tue Apr 28 00:00:00 EDT 2015

Research Org.:: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1178661

Patent Number(s):: 9021589

Application Number:: 13/909,985

Assignee:: Los Alamos National Security, LLC (Los Alamos, NM)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F21/566 - {Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities}

Show less

DOE Contract Number:: AC52-06NA25396

Resource Type:: Patent

Resource Relation:: Patent File Date: 2013 Jun 04

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. Integrating multiple data sources for malware classification.  United States: N. p., 2015. 
        Web.

Copy to clipboard


                    Anderson, Blake Harrell, Storlie, Curtis B, & Lane, Terran. Integrating multiple data sources for malware classification.  United States.

Copy to clipboard


                    Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. Tue .  
        "Integrating multiple data sources for malware classification".  United States.  https://www.osti.gov/servlets/purl/1178661.

Copy to clipboard


                    
@article{osti_1178661,

  title        = {Integrating multiple data sources for malware classification},

  author       = {Anderson, Blake Harrell and Storlie, Curtis B and Lane, Terran},

  abstractNote = {Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {Tue Apr 28 00:00:00 EDT 2015},

  month        = {Tue Apr 28 00:00:00 EDT 2015}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Malware analysis with graph kernels and support vector machines
conference, October 2009

Wagner, Cynthia; Wagener, Gerard; State, Radu
2009 4th International Conference on Malicious and Unwanted Software (MALWARE)
https://doi.org/10.1109/malware.2009.5403018

The Adaptive Lasso and Its Oracle Properties
journal, December 2006

Zou, Hui
Journal of the American Statistical Association, Vol. 101, Issue 476
https://doi.org/10.1198/016214506000000735

Regularization and variable selection via the elastic net
journal, April 2005

Zou, Hui; Hastie, Trevor
Journal of the Royal Statistical Society: Series B (Statistical Methodology), Vol. 67, Issue 2
https://doi.org/10.1111/j.1467-9868.2005.00503.x

Improving malware classification: bridging the static/dynamic gap
conference, January 2012

Anderson, Blake; Storlie, Curtis; Lane, Terran
Proceedings of the 5th ACM workshop on Security and artificial intelligence - AISec '12
https://doi.org/10.1145/2381896.2381900

Graph-based malware detection using dynamic analysis
journal, June 2011

Anderson, Blake; Quist, Daniel; Neil, Joshua
Journal in Computer Virology, Vol. 7, Issue 4
https://doi.org/10.1007/s11416-011-0152-x

Large-scale malware indexing using function-call graphs
conference, January 2009

Hu, Xin; Chiueh, Tzi-cker; Shin, Kang G.
Proceedings of the 16th ACM conference on Computer and communications security - CCS '09
https://doi.org/10.1145/1653662.1653736

Learning to detect malicious executables in the wild
conference, January 2004

Kolter, Jeremy Z.; Maloof, Marcus A.
Proceedings of the 2004 ACM SIGKDD international conference on Knowledge discovery and data mining - KDD '04
https://doi.org/10.1145/1014052.1014105

Polymorphic Worm Detection Using Structural Information of Executables
book, January 2006

Kruegel, Christopher; Kirda, Engin; Mutz, Darren
Recent Advances in Intrusion Detection, p. 207-226
https://doi.org/10.1007/11663812_11

N-gram analysis for computer virus detection
journal, November 2006

Reddy, D. Krishna Sandeep; Pujari, Arun K.
Journal in Computer Virology, Vol. 2, Issue 3
https://doi.org/10.1007/s11416-006-0027-8

Similar Records in DOE Patents and OSTI.GOV collections:

Statistical fingerprinting for malware detection and classification

Patent Prowell, Stacy J.; Rathgeb, Christopher T.

A system detects malware in a computing architecture with an unknown pedigree. The system includes a first computing device having a known pedigree and operating free of malware. The first computing device executes a series of instrumented functions that, when executed, provide a statistical baseline that is representative of the time it takes the software application to run on a computing device having a known pedigree. A second computing device executes a second series of instrumented functions that, when executed, provides an actual time that is representative of the time the known software application runs on the second computing device.more » « less
Full Text Available
System and method for integrating and accessing multiple data sources within a data warehouse architecture

Patent Musick, Charles R [Castro Valley, CA]; Critchlow, Terence [Livermore, CA]; Ganesh, Madhaven [San Jose, CA]; ...

A system and method is disclosed for integrating and accessing multiple data sources within a data warehouse architecture. The metadata formed by the present method provide a way to declaratively present domain specific knowledge, obtained by analyzing data sources, in a consistent and useable way. Four types of information are represented by the metadata: abstract concepts, databases, transformations and mappings. A mediator generator automatically generates data management computer code based on the metadata. The resulting code defines a translation library and a mediator class. The translation library provides a data representation for domain specific knowledge represented in a data warehouse,more » « less
Full Text Available
Method and system of integrating information from multiple sources

Patent Alford, Francine A [Livermore, CA]; Brinkerhoff, David L [Antioch, CA]

A system and method of integrating information from multiple sources in a document centric application system. A plurality of application systems are connected through an object request broker to a central repository. The information may then be posted on a webpage. An example of an implementation of the method and system is an online procurement system.
Full Text Available
Context-based automated defect classification system using multiple morphological masks

Patent Gleason, Shaun S [Knoxville, TN]; Hunt, Martin A [Knoxville, TN]; Sari-Sarraf, Hamed [Lubbock, TX]

Automatic detection of defects during the fabrication of semiconductor wafers is largely automated, but the classification of those defects is still performed manually by technicians. This invention includes novel digital image analysis techniques that generate unique feature vector descriptions of semiconductor defects as well as classifiers that use these descriptions to automatically categorize the defects into one of a set of pre-defined classes. Feature extraction techniques based on multiple-focus images, multiple-defect mask images, and segmented semiconductor wafer images are used to create unique feature-based descriptions of the semiconductor defects. These feature-based defect descriptions are subsequently classified by a defect classifiermore » « less
Full Text Available
Superpixels for improved structure and terrain classification using multiple synthetic aperture radar image products

Patent Moya, Mary M.; Koch, Mark W.; Perkins, David Nikolaus

Various embodiments presented herein relate to assigning labels to segments of a synthetic aperture radar (SAR) image, where the segments are based upon a speckle-reduced SAR image product. A plurality of SAR images of a scene are co-registered to form a registered stack of SAR images. A speckle-reduced SAR image product is generated based upon at least one registered SAR image in the registered stack of SAR images. The speckle-reduced SAR image product is segmented into a plurality of superpixels, and boundaries of the superpixels are applied to the at least one registered SAR image to form a segmented SARmore » « less
Full Text Available

Similar Records

Title: Integrating multiple data sources for malware classification

Abstract

Citation Formats

Malware analysis with graph kernels and support vector machines conference, October 2009

The Adaptive Lasso and Its Oracle Properties journal, December 2006

Regularization and variable selection via the elastic net journal, April 2005

Improving malware classification: bridging the static/dynamic gap conference, January 2012

Graph-based malware detection using dynamic analysis journal, June 2011

Large-scale malware indexing using function-call graphs conference, January 2009

Learning to detect malicious executables in the wild conference, January 2004

Polymorphic Worm Detection Using Structural Information of Executables book, January 2006

N-gram analysis for computer virus detection journal, November 2006

Malware analysis with graph kernels and support vector machines
conference, October 2009

The Adaptive Lasso and Its Oracle Properties
journal, December 2006

Regularization and variable selection via the elastic net
journal, April 2005

Improving malware classification: bridging the static/dynamic gap
conference, January 2012

Graph-based malware detection using dynamic analysis
journal, June 2011

Large-scale malware indexing using function-call graphs
conference, January 2009

Learning to detect malicious executables in the wild
conference, January 2004

Polymorphic Worm Detection Using Structural Information of Executables
book, January 2006

N-gram analysis for computer virus detection
journal, November 2006