Methods for Automated Generation of Scripts Hierarchies from Examples and Diagnosis of Behavior

  • Viktoriia Ruvinskaya
  • Alexandra MoldavskayaEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 836)


The aim of the research is to increase the reliability of the behavior diagnostics by developing new models and methods based on scripts automatically extracted from data. An improved model of script hierarchies is proposed by adding concepts of role, forest of hierarchies, as well as the support function that connects them. An improved model of multilevel behavior pattern construction is proposed. That, unlike existing models, enabled using methods based on machine learning, along with an expert, to formulate scripts. The 2-staged method for diagnosing the objects behavior based on script hierarchies is developed: at the first stage, identification of the tested behavior to one or several script hierarchies is made; in the second stage, based on the naive Bayesian classifier, it is detected if the object belongs to one or more classes. Approbation of models and methods for the subject area of detecting malicious programs is carried out. The results show an increase in detection reliability.


Knowledge-oriented systems Sequential patterns Behavior analysis Scripts Sequential pattern mining Malware 


  1. 1.
    Schank, R.C., Abelson, R.P.: Scripts, plans, and knowledge. Yale University, New Haven, Connecticut USA (1975)Google Scholar
  2. 2.
    Minsky, M.: Freymy dlya predstavleniya znaniy. Energiya, Moscow (1979)Google Scholar
  3. 3.
    Ruvinskaya, V.M., Berkovich, E.L., Lotockiy, A.A.: Heuristic method of malware detection on the basis of scripts. Iskusstvenniy intellekt 3, 197–207 (2008)Google Scholar
  4. 4.
    Moldavskaya, A.V., Ruvinskaya, V.M., Berkovich, E.L.: Method of learning malware behavior scripts by sequential pattern mining. In: Gammerman, A., Luo, Z., Vega, J., Vovk, V. (eds.) Conformal and Probabilistic Prediction with Applications. COPA 2016. Lecture Notes in Computer Science, Vol. 9653, pp. 196–207. Springer, Cham (2016)Google Scholar
  5. 5.
    Surmin, Yu.P.: Teoriya sistem i sistemniy analiz. MAUP, Kyiv (2003)Google Scholar
  6. 6.
    Chernyshov, V.N., Chernyshov, A.V.: Teoriya sistem i sistemnyy analiz. Izdatel’stvo Tambovskogo gosudarstvennogo tekhnicheskogo universiteta, Tambov (2008)Google Scholar
  7. 7.
    Tocenko, V.G.: Metody i sistemy podderzhki prinyatiya resheniy. Algoritmicheskiy aspekt. Naukova dumka, Kyiv (2002)Google Scholar
  8. 8.
    Polikarpova, N.I., Shalyto, A.A.: Avtomatnoe programmirovanie, 2nd edn. Piter, Saint Petersburg (2010)Google Scholar
  9. 9.
    Gladun, V.P.: Obnaruzhenie znaniy na osnove setevyh struktur. Int. J. Inf. Technol. Knowl. 4(4), 303–328 (2010)Google Scholar
  10. 10.
    Schank, R.C., Abelson, R.P.: Scripts, plans and goals. In: IJCAI 1975, Proceedings of the 4th International Joint Conference on Artificial intelligence, vol. 1, pp. 151–157, San Francisco, CA, USA (1975)Google Scholar
  11. 11.
    Polatovskaya, O.S.: Freym-scenariy kak tip konceptov. Vestnik IGLU 4(25), 161–163 (2013)Google Scholar
  12. 12.
    Gupta, M., Han, J.: Approaches for pattern discovery using sequential data mining. In: Pattern Discovery Using Sequence Data Mining: Applications and Studies. IGI Global, pp. 137–154 (2012)Google Scholar
  13. 13.
    Il’in, V.I.: Povedenie potrebiteley. Piter, Saint Petersburg (2000)Google Scholar
  14. 14.
    Rieck, K., Holz, T., Willems, C., Düssel, P., Laskov, P.: Learning and Classification of Malware Behavior. In: Zamboni, D. (ed.) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2008. Lecture Notes in Computer Science, vol. 5137, pp. 108–125. Springer, Heidelberg (2008)Google Scholar
  15. 15.
    Kovalenko, A.S., Smirnov, O.A., Kovalenko, O.V.: Subsystem technical diagnostics for automation of processes control in integrated information systems. Systemy ozbroiennia i viyskova tekhnika 1, 126–129 (2014)Google Scholar
  16. 16.
    Yuan, Q., Cong, G., Thalmann, N.M.: Enhancing naive bayes with various smoothing methods for short text classification. In: Proceedings of the 21st International Conference on World Wide Web, pp. 645–646. Lyon, France (2012)Google Scholar
  17. 17.
    Mohaisen, A., Alrawi, O., Mohaisen, M.: AMAL: high-fidelity, behavior-based automated malware analysis and classification. Comput. Secur. 52, 251–266 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Odessa National Polytechnic UniversityOdessaUkraine
  2. 2.Odessa College of Computer TechnologiesOdessaUkraine

Personalised recommendations