Recognizing malicious software behaviors with tree automata inference
- First Online:
- Cite this article as:
- Babić, D., Reynaud, D. & Song, D. Form Methods Syst Des (2012) 41: 107. doi:10.1007/s10703-012-0149-1
- 252 Downloads
We explore how formal methods and tools of the verification trade could be used for malware detection and analysis. In particular, we propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. Our approach infers k-testable tree automata from system call dataflow dependency graphs. We show how inferred automata can be used for malware recognition and classification.