Integrating multiple data sources for malware classification
Abstract
Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.
- Inventors:
- Issue Date:
- Research Org.: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1178661
- Patent Number(s): 9021589
- Application Number: 13/909,985
- Assignee: Los Alamos National Security, LLC (Los Alamos, NM)
- Patent Classifications (CPCs): G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
- DOE Contract Number: AC52-06NA25396
- Resource Type: Patent
- Resource Relation: Patent File Date: 2013 Jun 04
- Country of Publication: United States
- Language: English
- Subject: 97 MATHEMATICS AND COMPUTING
Citation Formats
Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. Integrating multiple data sources for malware classification. United States: N. p., 2015. Web.
Anderson, Blake Harrell, Storlie, Curtis B, & Lane, Terran. Integrating multiple data sources for malware classification. United States.
Anderson, Blake Harrell, Storlie, Curtis B, and Lane, Terran. "Integrating multiple data sources for malware classification". United States. https://www.osti.gov/servlets/purl/1178661.
@article{osti_1178661,
title = {Integrating multiple data sources for malware classification},
author = {Anderson, Blake Harrell and Storlie, Curtis B and Lane, Terran},
abstractNote = {Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2015},
month = {apr},
day = {28}
}
Works referenced in this record:
Malware analysis with graph kernels and support vector machines
conference, October 2009
- Wagner, Cynthia; Wagener, Gerard; State, Radu
- 2009 4th International Conference on Malicious and Unwanted Software (MALWARE)
The Adaptive Lasso and Its Oracle Properties
journal, December 2006
- Zou, Hui
- Journal of the American Statistical Association, Vol. 101, Issue 476
Regularization and variable selection via the elastic net
journal, April 2005
- Zou, Hui; Hastie, Trevor
- Journal of the Royal Statistical Society: Series B (Statistical Methodology), Vol. 67, Issue 2
Improving malware classification: bridging the static/dynamic gap
conference, January 2012
- Anderson, Blake; Storlie, Curtis; Lane, Terran
- Proceedings of the 5th ACM workshop on Security and artificial intelligence - AISec '12
Graph-based malware detection using dynamic analysis
journal, June 2011
- Anderson, Blake; Quist, Daniel; Neil, Joshua
- Journal in Computer Virology, Vol. 7, Issue 4
Large-scale malware indexing using function-call graphs
conference, January 2009
- Hu, Xin; Chiueh, Tzi-cker; Shin, Kang G.
- Proceedings of the 16th ACM conference on Computer and communications security - CCS '09
Learning to detect malicious executables in the wild
conference, January 2004
- Kolter, Jeremy Z.; Maloof, Marcus A.
- Proceedings of the 2004 ACM SIGKDD international conference on Knowledge discovery and data mining - KDD '04
Polymorphic Worm Detection Using Structural Information of Executables
book, January 2006
- Kruegel, Christopher; Kirda, Engin; Mutz, Darren
- Recent Advances in Intrusion Detection, p. 207-226
N-gram analysis for computer virus detection
journal, November 2006
- Reddy, D. Krishna Sandeep; Pujari, Arun K.
- Journal in Computer Virology, Vol. 2, Issue 3