A Fast Kernel on Hierarchial Tree Structures and Its Application to Windows Application Behavior Analysis

  • Conference paper
Neural Information Processing. Models and Applications (ICONIP 2010)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 6444))

Abstract

System calls have been proved to be important evidence for analyzing the behavior of running applications. However, application behavior analyzers that investigate the majority of system calls usually suffer from severe system performance deterioration or frequent system crashes. In the presented study, a lightweight analyzer is approached by two avenues. On the one hand, the computational load of monitoring the system calls is considerably reduced by limiting the target functions to two specific groups: file accesses and Windows Registry accesses. On the other hand, analytical accuracy is achieved by deep inspection of the string parameters of the function calls, where the proximity of the programs is evaluated by the newly proposed kernel functions. The efficacy of the proposed approach is evaluated on real-world datasets, with promising results reported.

© 2010 Springer-Verlag Berlin Heidelberg

Cite this paper

Ban, T., Ando, R., Kadobayashi, Y. (2010). A Fast Kernel on Hierarchial Tree Structures and Its Application to Windows Application Behavior Analysis. In: Wong, K.W., Mendis, B.S.U., Bouzerdoum, A. (eds) Neural Information Processing. Models and Applications. ICONIP 2010. Lecture Notes in Computer Science, vol 6444. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17534-3_33

  • DOI: https://doi.org/10.1007/978-3-642-17534-3_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17533-6

  • Online ISBN: 978-3-642-17534-3