Statistical fingerprinting for malware detection and classification
Abstract
A system detects malware in a computing architecture with an unknown pedigree. The system includes a first computing device having a known pedigree and operating free of malware. The first computing device executes a series of instrumented functions that, when executed, provide a statistical baseline that is representative of the time it takes the software application to run on a computing device having a known pedigree. A second computing device executes a second series of instrumented functions that, when executed, provide an actual time that is representative of the time the known software application runs on the second computing device. The system detects malware when there is a difference in execution times between the first and the second computing devices.
- Inventors:
- Issue Date:
- Research Org.: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1214592
- Patent Number(s): 9135440
- Application Number: 13/955,784
- Assignee: UT-Battelle, LLC (Oak Ridge, TN)
- Patent Classifications (CPCs): G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
- DOE Contract Number: AC05-00OR22725
- Resource Type: Patent
- Resource Relation: Patent File Date: 2013 Jul 31
- Country of Publication: United States
- Language: English
- Subject: 97 MATHEMATICS AND COMPUTING
Citation Formats
Prowell, Stacy J., and Rathgeb, Christopher T. Statistical fingerprinting for malware detection and classification. United States: N. p., 2015. Web.
Prowell, Stacy J., & Rathgeb, Christopher T. Statistical fingerprinting for malware detection and classification. United States.
Prowell, Stacy J., and Rathgeb, Christopher T. Tue . "Statistical fingerprinting for malware detection and classification". United States. https://www.osti.gov/servlets/purl/1214592.
@article{osti_1214592,
title = {Statistical fingerprinting for malware detection and classification},
author = {Prowell, Stacy J. and Rathgeb, Christopher T.},
place = {United States},
year = {2015},
month = {9}
}