Sciweavers

Share
CCS
2010
ACM

AccessMiner: using system-centric models for malware protection

9 years 8 months ago
AccessMiner: using system-centric models for malware protection
Models based on system calls are a popular and common approach to characterize the run-time behavior of programs. For example, system calls are used by intrusion detection systems to detect software exploits. As another example, policies based on system calls are used to sandbox applications or to enforce access control. Given that malware represents a significant security threat for today's computing infrastructure, it is not surprising that system calls were also proposed to distinguish between benign processes and malicious code. Most proposed malware detectors that use system calls follow a program-centric analysis approach. That is, they build models based on specific behaviors of individual applications. Unfortunately, it is not clear how well these models generalize, especially when exposed to a diverse set of previously-unseen, real-world applications that operate on realistic inputs. This is particularly problematic as most previous work has used only a small set of prog...
Andrea Lanzi, Davide Balzarotti, Christopher Krueg
Added 06 Dec 2010
Updated 06 Dec 2010
Type Conference
Year 2010
Where CCS
Authors Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda
Comments (0)
books