Formal Methods in System Design, Volume 41, Issue 1, pp 107–128

Recognizing malicious software behaviors with tree automata inference

Authors

    • Computer Science Division, University of California
  • Daniel Reynaud
    • Computer Science Division, University of California
  • Dawn Song
    • Computer Science Division, University of California

DOI: 10.1007/s10703-012-0149-1

Cite this article as:
Babić, D., Reynaud, D. & Song, D. Form Methods Syst Des (2012) 41: 107. doi:10.1007/s10703-012-0149-1

Abstract

We explore how formal methods and tools of the verification trade could be used for malware detection and analysis. In particular, we propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. Our approach infers k-testable tree automata from system call dataflow dependency graphs. We show how inferred automata can be used for malware recognition and classification.

Keywords

Tree automata inference; Behavioral malware detection

Copyright information

© Springer Science+Business Media, LLC 2012