Skip to main content
SpringerLink
Log in

Method for Detecting Unknown Malicious Executables

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5758))

Included in the following conference series:

Abstract

We present a method for detecting new malicious executables, which comprises the steps of: (a) in a training phase, finding a collection of system call sequences that are characteristic only to malicious files, and storing said sequences in a database; (b) in a runtime phase, for each running executable, continuously monitoring its issued run-time system calls and comparing with the stored sequences within the database, and when a match is found, declaring said executable as malicious.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Kolter, J.Z., Maloof, M.A.: Learning to detect malicious executables in the wild. In: 10th ACM SIGKDD international conference on knowledge discovery and data mining, pp. 470–478. ACM Press, New York (2004)

    Google Scholar 

  2. Zaki, M.G.: Efficient Algorithm for Mining Frequent Sequences. Machine Learning 42, 31–60 (2001)

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Deutche Telekom Laboratories at BGU and Department of Computer Science, Ben Gurion University, Beer Sheva, 84105, Israel

    Boris Rozenberg & Ehud Gudes

  2. Deutche Telekom Laboratories at BGU and Department of Information System Engineering, Ben Gurion University, Beer Sheva, 84105, Israel

    Yuval Elovici & Yuval Fledel

Authors
  1. Boris Rozenberg
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ehud Gudes
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuval Elovici
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yuval Fledel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute Eurecom, 2229 Route des Cretes, 06560, Sophia-Antipolis Cedex, France

    Engin Kirda  & Davide Balzarotti  & 

  2. Computer Sciences Department, University of Wisconsin, 53706, Madison, WI, USA

    Somesh Jha

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rozenberg, B., Gudes, E., Elovici, Y., Fledel, Y. (2009). Method for Detecting Unknown Malicious Executables. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04342-0_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04341-3

  • Online ISBN: 978-3-642-04342-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation