Abstract
System calls have proven to be important evidence for analyzing the behavior of running applications. However, application behavior analyzers that inspect the majority of system calls usually suffer from severe system performance degradation or frequent system crashes. In the presented study, a lightweight analyzer is pursued along two avenues. On the one hand, the computational load of monitoring system calls is considerably reduced by limiting the target functions to two specific groups: file accesses and Windows Registry accesses. On the other hand, analytical accuracy is achieved by deep inspection of the string parameters of the function calls, where the proximity of programs is evaluated by newly proposed kernel functions. The efficacy of the proposed approach is evaluated on real-world datasets, with promising results reported.
© 2010 Springer-Verlag Berlin Heidelberg
Ban, T., Ando, R., Kadobayashi, Y. (2010). A Fast Kernel on Hierarchial Tree Structures and Its Application to Windows Application Behavior Analysis. In: Wong, K.W., Mendis, B.S.U., Bouzerdoum, A. (eds) Neural Information Processing. Models and Applications. ICONIP 2010. Lecture Notes in Computer Science, vol 6444. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17534-3_33
DOI: https://doi.org/10.1007/978-3-642-17534-3_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17533-6
Online ISBN: 978-3-642-17534-3
eBook Packages: Computer Science (R0)