2019-02-18
Dam, Khanh Huu The, Touili, Tayssir. 2018. Learning Malware Using Generalized Graph Kernels. Proceedings of the 13th International Conference on Availability, Reliability and Security. 28:1–28:6.
Machine learning techniques have been extensively applied to learn and detect malware. However, these techniques often use rough abstractions of programs. In this work we propose a more precise model for programs, namely extended API call graphs, where nodes correspond to API function calls, edges specify the execution order between the API functions, and edge labels indicate the dependence relation between API function parameters. To learn such graphs, we propose to use Generalized Random Walk Graph Kernels (combined with Support Vector Machines). We implemented our techniques and obtained encouraging results for malware detection: a 96.73% detection rate with 0.73% false alarms.