Joshua Neil scite author profile

We introduce a novel malware detection algorithm based on the analysis of graphs constructed from dynamically collected instruction traces of the target executable. These graphs represent Markov chains, where the vertices are the instructions and the transition probabilities are estimated by the data contained in the trace. We use a combination of graph kernels to create a similarity matrix between the instruction trace graphs. The resulting graph kernel measures similarity between graphs on both local and global levels. Finally, the similarity matrix is sent to a support vector machine to perform classification. Our method is particularly appealing because we do not base our classifications on the raw n-gram data, but rather use our data representation to perform classification in graph space. We demonstrate the performance of our algorithm on two classification problems: benign software versus malware, and the Netbull virus with different packers versus other classes of viruses. Our results show a statistically significant improvement over signature-based and other machine learning-based detection methods.

show abstract

Eliminating Steganography in Internet Traffic with Active Wardens

Fisk

Papadopoulos

et al. 2002

110

130

View full text Add to dashboard Cite

Scan Statistics for the Online Detection of Locally Anomalous Subgraphs

et al. 2013

View full text Add to dashboard Cite

Identifying anomalies in computer networks is a challenging and complex problem.Often, anomalies occur in extremely local areas of the network. Locality is complex in this setting, since we have an underlying graph structure. To identify local anomalies, we introduce a scan statistic for data extracted from the edges of a graph over time.[24] J.I. Naus. Approximations for distributions of scan statistics.

show abstract

Connected Components and Credential Hopping in Authentication Graphs

Hagberg

Lemons

Kent

et al. 2014

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Joshua Neil

Graph-based malware detection using dynamic analysis

Eliminating Steganography in Internet Traffic with Active Wardens

Scan Statistics for the Online Detection of Locally Anomalous Subgraphs

Connected Components and Credential Hopping in Authentication Graphs

Contact Info

Product

Resources

About