A fast kernel on hierarchial tree structures and its application to windows application behavior analysis

Authors: Tao Ban, Ruo Ando, Youki Kadobayashi

DOI: 10.1007/978-3-642-17534-3_33

Keywords:

Abstract: System calls have been proved to be important evidence for analyzing the behavior of running applications. However, application analyzers that investigate the majority of system calls usually suffer from severe performance deterioration or frequent crashes. In the presented study, a lightweight analyzer is approached by two avenues. On one hand, the computation load of the monitor is considerably reduced by limiting the target functions to specific groups: file accesses and Windows Registry accesses. On the other hand, analytical accuracy is achieved by deep inspection of the string parameters of function calls, where the proximity of programs is evaluated by newly proposed kernel functions. The efficacy of the approach on real-world datasets is reported, with promising results.
