Formal Methods in System Design

, Volume 41, Issue 1, pp 107–128

Recognizing malicious software behaviors with tree automata inference


DOI: 10.1007/s10703-012-0149-1

Cite this article as:
Babić, D., Reynaud, D. & Song, D. Form Methods Syst Des (2012) 41: 107. doi:10.1007/s10703-012-0149-1


We explore how formal methods and tools of the verification trade could be used for malware detection and analysis. In particular, we propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. Our approach infers k-testable tree automata from system call dataflow dependency graphs. We show how inferred automata can be used for malware recognition and classification.


Tree automata inferenceBehavioral malware detection

Copyright information

© Springer Science+Business Media, LLC 2012

Authors and Affiliations

  1. 1.Computer Science DivisionUniversity of CaliforniaBerkeleyUSA