Abstract

Malicious executables have become a major threat to the integrity of hosts and the privacy of users; however, traditional manual analysis and containment does not scale to the growing number of unknown malware samples and variants. This paper proposes a novel approach that combines behavioral and content-based fingerprints and scales to unknown malicious executables in an automated fashion. Our approach first extracts behavioral features and uses data mining techniques to train classifiers that can distinguish malicious from benign executables; host-level agents are then introduced to block the execution of malware instances using their content-based fingerprints. To increase accuracy, an algorithm is proposed that applies a classifier to raw audit data and also observes the execution of malware in virtualized environments. Moreover, a distributed system architecture is used to optimize efficiency and real-time containment. Experimental results show good performance with high accuracy and low overhead.
