Software classification using phylogenetic techniques

Steinfadt, Shannon; Immonen, Taina; Leitner, Thomas; Kyle, Michael

Title: Software classification using phylogenetic techniques

Abstract

Software, such as malware, may be classified using phylogenetic techniques. An evolutionary history of a representative set of software programs may be reconstructed to generate a reference phylogeny. Dynamic traces of the representative software programs may be obtained. The dynamic traces may include time-ordered sequences of execution commands extracted from running software binaries. Metrics may be developed using the dynamic traces. One or more unknown software programs may then be classified against the reference phylogeny using the metrics developed using the dynamic traces of the representative set of software programs.

Inventors:: Steinfadt, Shannon; Immonen, Taina; Leitner, Thomas; Kyle, Michael

Issue Date:: 2020-09-22

Research Org.:: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1735296

Patent Number(s):: 10783247

Application Number:: 15/841,408

Assignee:: Triad National Security, LLC (Los Alamos, NM)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/564 - {by virus signature recognition}
G06F21/566 - {Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities}
G06F2221/033 - Test or assess software

Show less

DOE Contract Number:: AC52-06NA25396

Resource Type:: Patent

Resource Relation:: Patent File Date: 12/14/2017

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Steinfadt, Shannon, Immonen, Taina, Leitner, Thomas, and Kyle, Michael. Software classification using phylogenetic techniques.  United States: N. p., 2020. 
        Web.

Copy to clipboard


                    Steinfadt, Shannon, Immonen, Taina, Leitner, Thomas, & Kyle, Michael. Software classification using phylogenetic techniques.  United States.

Copy to clipboard


                    Steinfadt, Shannon, Immonen, Taina, Leitner, Thomas, and Kyle, Michael. Tue .  
        "Software classification using phylogenetic techniques".  United States.  https://www.osti.gov/servlets/purl/1735296.

Copy to clipboard


                    
@article{osti_1735296,

  title        = {Software classification using phylogenetic techniques},

  author       = {Steinfadt, Shannon and Immonen, Taina and Leitner, Thomas and Kyle, Michael},

  abstractNote = {Software, such as malware, may be classified using phylogenetic techniques. An evolutionary history of a representative set of software programs may be reconstructed to generate a reference phylogeny. Dynamic traces of the representative software programs may be obtained. The dynamic traces may include time-ordered sequences of execution commands extracted from running software binaries. Metrics may be developed using the dynamic traces. One or more unknown software programs may then be classified against the reference phylogeny using the metrics developed using the dynamic traces of the representative set of software programs.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2020},

  month        = {9}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Methods, systems, and media for detecting covert malware
patent, September 2013

Bowen, Brian M.; Prabhu, Pratap V.; Kemerlis, Vasileios P.
US Patent Document 8,528,091
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8528091

Phylogeny generation
patent, January 2011

Lakhotia, Arun; Karim, Md. Enamul; Walenstein, Andrew
US Patent Document 7,873,947
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/7873947

Method, System and Program Product for Optimizing Emulation of a Suspected Malware
patent-application, September 2013

Wu, Ji Yan
US Patent Application 13/901480; 20130254890
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20130254890

APE: Analyses of Phylogenetics and Evolution in R language
journal, January 2004

Paradis, E.; Claude, J.; Strimmer, K.
Bioinformatics, Vol. 20, Issue 2
https://doi.org/10.1093/bioinformatics/btg412

Automated malware signature generation
patent, June 2018

Sun, Ning; Winkler, Patrick; Chu, Chengyun
US Patent Document 9,996,693
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9996693

Vulnerability Finding Device, Vulnerability Finding Method and Vulnerability Finding Program
patent-application, October 2017

Nakajima, Asuka; Iwamura, Makoto; Hariu, Takeo
US Patent Application 15/504116; 20170286692
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170286692

Scalable network security with fast response protocol
patent, December 2014

Haugsnes, Andreas Seip; Hahn, Markus
US Patent Document 8,914,406
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8914406

Rapid phylogenetic and functional classification of short genomic fragments with signature peptides
journal, January 2012

Berendzen, Joel; Bruno, William J.; Cohn, Judith D.
BMC Research Notes, Vol. 5, Issue 1
https://doi.org/10.1186/1756-0500-5-460

Methods and Systems for Automated Network Scanning in Dynamic Virtualized Environments
patent-application, February 2016

McGinley, Kevin; Tener, Rich
US Patent Application 14/884163; 20160036847
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20160036847

Thread scanning and patching to disable injected malware threats
patent, February 2013

Jarrett, Michael Sean; Marinescu, Adrian; Gheorghescu, Marius Gheorghe
US Patent Document 8,387,139
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/8387139

Malware phylogeny generation using permutations of code
journal, September 2005

Karim, Md. Enamul.; Walenstein, Andrew; Lakhotia, Arun
Journal in Computer Virology, Vol. 1, Issue 1-2, p. 13-23
https://doi.org/10.1007/s11416-005-0002-9

System and methods for digital artifact genetic modeling and forensic analysis
patent, December 2015

Lu, Tsai-Ching; Moon, Hankyu; Holland, Gavin D.
US Patent Document 9,224,067
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9224067

Similar Records in DOE Patents and OSTI.GOV collections:

Using phylogenetic probes for quantification of stable isotope labeling and microbial community analysis

Patent Brodie, Eoin L; DeSantis, Todd Z; Karaoz, Ulas; ...

Herein is described methods for a high-sensitivity means to measure the incorporation of stable isotope labeled substrates into RNA following stable isotope probing experiments (SIP). RNA is hybridized to a set of probes such as phylogenetic microarrays and isotope incorporation is quantified such as by secondary ion mass spectrometer imaging (NanoSIMS).
Full Text Available
Classification of multispectral or hyperspectral satellite imagery using clustering of sparse approximations on sparse representations in learned dictionaries obtained using efficient convolutional sparse coding

Patent Moody, Daniela; Wohlberg, Brendt

An approach for land cover classification, seasonal and yearly change detection and monitoring, and identification of changes in man-made features may use a clustering of sparse approximations (CoSA) on sparse representations in learned dictionaries. The learned dictionaries may be derived using efficient convolutional sparse coding to build multispectral or hyperspectral, multiresolution dictionaries that are adapted to regional satellite image data. Sparse image representations of images over the learned dictionaries may be used to perform unsupervised k-means clustering into land cover categories. The clustering process behaves as a classifier in detecting real variability. This approach may combine spectral and spatial texturalmore » « less
Full Text Available
Classification of materials using nuclear magnetic resonance dispersion and/or x-ray absorption

Patent Espy, Michelle A.; Matlashov, Andrei N.; Schultz, Larry J.; ...

Methods for determining the identity of a substance are provided. A classification parameter set is defined to allow identification of substances that previously could not be identified or to allow identification of substances with a higher degree of confidence. The classification parameter set may include at least one of relative nuclear susceptibility (RNS) or an x-ray linear attenuation coefficient (LAC). RNS represents the density of hydrogen nuclei present in a substance relative to the density of hydrogen nuclei present in water. The extended classification parameter set may include T₁, T₂, and/or T₁rho as well as at least one additional classificationmore » « less
Full Text Available
Hypothesis-driven classification of materials using nuclear magnetic resonance relaxometry

Patent Espy, Michelle A.; Matlashov, Andrei N.; Schultz, Larry J.; ...

Technologies related to identification of a substance in an optimized manner are provided. A reference group of known materials is identified. Each known material has known values for several classification parameters. The classification parameters comprise at least one of T.sub.1, T.sub.2, T.sub.1.rho., a relative nuclear susceptibility (RNS) of the substance, and an x-ray linear attenuation coefficient (LAC) of the substance. A measurement sequence is optimized based on at least one of a measurement cost of each of the classification parameters and an initial probability of each of the known materials in the reference group.
Full Text Available
Terrain detection and classification using single polarization SAR

Patent Chow, James G.; Koch, Mark W.

The various technologies presented herein relate to identifying manmade and/or natural features in a radar image. Two radar images (e.g., single polarization SAR images) can be captured for a common scene. The first image is captured at a first instance and the second image is captured at a second instance, whereby the duration between the captures are of sufficient time such that temporal decorrelation occurs for natural surfaces in the scene, and only manmade surfaces, e.g., a road, produce correlated pixels. A LCCD image comprising the correlated and decorrelated pixels can be generated from the two radar images. A medianmore » « less
Full Text Available

Similar Records

Title: Software classification using phylogenetic techniques

Abstract

Citation Formats

Methods, systems, and media for detecting covert malware patent, September 2013

Phylogeny generation patent, January 2011

Method, System and Program Product for Optimizing Emulation of a Suspected Malware patent-application, September 2013

APE: Analyses of Phylogenetics and Evolution in R language journal, January 2004

Automated malware signature generation patent, June 2018

Vulnerability Finding Device, Vulnerability Finding Method and Vulnerability Finding Program patent-application, October 2017

Scalable network security with fast response protocol patent, December 2014

Rapid phylogenetic and functional classification of short genomic fragments with signature peptides journal, January 2012

Methods and Systems for Automated Network Scanning in Dynamic Virtualized Environments patent-application, February 2016

Thread scanning and patching to disable injected malware threats patent, February 2013

Malware phylogeny generation using permutations of code journal, September 2005

System and methods for digital artifact genetic modeling and forensic analysis patent, December 2015

Methods, systems, and media for detecting covert malware
patent, September 2013

Phylogeny generation
patent, January 2011

Method, System and Program Product for Optimizing Emulation of a Suspected Malware
patent-application, September 2013

APE: Analyses of Phylogenetics and Evolution in R language
journal, January 2004

Automated malware signature generation
patent, June 2018

Vulnerability Finding Device, Vulnerability Finding Method and Vulnerability Finding Program
patent-application, October 2017

Scalable network security with fast response protocol
patent, December 2014

Rapid phylogenetic and functional classification of short genomic fragments with signature peptides
journal, January 2012

Methods and Systems for Automated Network Scanning in Dynamic Virtualized Environments
patent-application, February 2016

Thread scanning and patching to disable injected malware threats
patent, February 2013

Malware phylogeny generation using permutations of code
journal, September 2005

System and methods for digital artifact genetic modeling and forensic analysis
patent, December 2015