Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Leveraging string kernels for malware detection

: Pfoh, J.; Schneider, C.; Eckert, C.


Network and system security. Proceedings : 7th international conference, NSS 2013, Madrid, Spain, June 3-4, 2013
Berlin: Springer, 2013 (Lecture Notes in Computer Science (LNCS) 7873)
ISBN: 3-642-38630-X
ISBN: 978-3-642-38630-5
ISBN: 978-3-642-38631-2
International Conference on Network and System Security (NSS) <7, 2013, Madrid>
Conference Paper
Fraunhofer AISEC ()

Signature-based malware detection will always be a step behind as novel malware cannot be detected. On the other hand, machine learning-based methods are capable of detecting novel malware but classification is frequently done in an offline or batched manner and is often associated with time overheads that make it impractical. We propose an approach that bridges this gap. This approach makes use of a support vector machine (SVM) to classify system call traces. In contrast to other methods that use system call traces for malware detection, our approach makes use of a string kernel to make better use of the sequential information inherent in a system call trace. By classifying system call traces in small sections and keeping a moving average over the probability estimates produced by the SVM, our approach is capable of detecting malicious behavior online and achieves great accuracy.