All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Probabilistic analysis of dynamic malware traces

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F18%3A00318758" target="_blank" >RIV/68407700:21230/18:00318758 - isvavai.cz</a>

  • Result on the web

    <a href="https://www.sciencedirect.com/science/article/pii/S0167404818300336" target="_blank" >https://www.sciencedirect.com/science/article/pii/S0167404818300336</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1016/j.cose.2018.01.012" target="_blank" >10.1016/j.cose.2018.01.012</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Probabilistic analysis of dynamic malware traces

  • Original language description

    We propose a method to automatically group unknown binaries executed in sandbox according to their interaction with system resources (files on the filesystem, mutexes, registry keys, network communication with remote servers and error messages generated by operating system) such that each group corresponds to a malware family. The method utilizes probabilistic generative model (Bernoulli mixture model), which allows human-friendly prioritization of identified clusters and extraction of readable behavioral indicators to maximize interpretability. We compare it to relevant prior art on a large set of malware binaries where a quality of cluster prioritization and automatic extraction of indicators of compromise is demonstrated. The proposed approach therefore implements complete pipeline which has the potential to significantly speed-up analysis of unknown samples.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

  • Continuities

    I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Others

  • Publication year

    2018

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Name of the periodical

    Computers & Security

  • ISSN

    0167-4048

  • e-ISSN

    1872-6208

  • Volume of the periodical

    74

  • Issue of the periodical within the volume

    May

  • Country of publishing house

    GB - UNITED KINGDOM

  • Number of pages

    19

  • Pages from-to

    221-239

  • UT code for WoS article

    000428098500013

  • EID of the result in the Scopus database

    2-s2.0-85041376690

Similar results(10)

Malware Detection Using a Heterogeneous Distance FunctionMultiple instance learning for malware classificationA malware detection system based on context analysis