A Planning Approach to Monitoring Behavior of Computer Programs

09/11/2017
by Alexandre Cukier, et al.

We describe a novel approach to monitoring high level behaviors using concepts from AI planning. Our goal is to understand what a program is doing based on its system call trace. This ability is particularly important for detecting malware. We approach this problem by building an abstract model of the operating system using the STRIPS planning language, casting system calls as planning operators. Given a system call trace, we simulate the corresponding operators on our model and by observing the properties of the state reached, we learn about the nature of the original program and its behavior. Thus, unlike most statistical detection methods that focus on syntactic features, our approach is semantic in nature. Therefore, it is more robust against obfuscation techniques used by malware that change the outward appearance of the trace but not its effect. We demonstrate the efficacy of our approach by evaluating it on actual system call traces.
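The following is an added illustrative example, not the paper's model or code: a toy STRIPS-style simulator that replays a system call trace against an abstract operating-system state and then inspects that state for a high-level behaviour (sensitive file contents read into memory, then data sent to a remote host). The operator definitions, the simplified strace-like trace format, the SENSITIVE path list and the sample traces are all assumptions constructed for this example.

```python
"""Toy STRIPS-style replay of a system call trace (added example, not the paper's code)."""
import re

# A fact is a tuple such as ("open", 3, "/etc/shadow"); a state is a frozenset of facts.
SENSITIVE = {"/etc/passwd", "/etc/shadow"}   # assumption: files whose contents matter to us


class Operator:
    """STRIPS operator: precondition, add and delete lists, each a set of ground facts."""
    def __init__(self, name, pre=(), add=(), delete=()):
        self.name = name
        self.pre, self.add, self.delete = frozenset(pre), frozenset(add), frozenset(delete)

    def applicable(self, state):
        return self.pre <= state

    def apply(self, state):
        return (state - self.delete) | self.add


def lookup(state, key, fd):
    """Return x for a fact (key, fd, x) in the state, or None if no such fact exists."""
    for f in state:
        if len(f) == 3 and f[0] == key and f[1] == fd:
            return f[2]
    return None


def ground(name, args, ret, state):
    """Map one parsed call to a grounded operator (assumed operator set); unknown calls are no-ops."""
    if name in ("open", "openat"):
        path = next(a.strip('"') for a in args if a.startswith('"'))
        add = {("open", ret, path)}
        if "O_WRONLY" in " ".join(args) or "O_RDWR" in " ".join(args):
            add.add(("writable", ret))
        return Operator(name, add=add)
    if name == "read":
        fd, path = int(args[0]), lookup(state, "open", int(args[0]))
        # Precondition binds the path through the open fd; fails if the fd was never opened.
        return Operator(name, pre={("open", fd, path)}, add={("in_memory", path)})
    if name in ("write", "send", "sendto"):
        fd = int(args[0])
        if ("socket", fd) in state:               # writing to a connected socket
            host = lookup(state, "connected", fd)
            return Operator(name, pre={("connected", fd, host)}, add={("sent_to", host)})
        path = lookup(state, "open", fd)          # writing to a file
        return Operator(name, pre={("open", fd, path), ("writable", fd)}, add={("modified", path)})
    if name == "close":
        fd = int(args[0])
        pre = {("socket", fd)} if ("socket", fd) in state else {("open", fd, lookup(state, "open", fd))}
        return Operator(name, pre=pre, delete={f for f in state if f[1] == fd})
    if name == "socket":
        return Operator(name, add={("socket", ret)})
    if name == "connect":
        fd = int(args[0])
        return Operator(name, pre={("socket", fd)}, add={("connected", fd, args[1].strip('"'))})
    return Operator(name)


def simulate(trace_lines):
    """Replay a trace; return the final state and the calls whose preconditions failed."""
    state, rejected = frozenset(), []
    for line in trace_lines:
        m = re.match(r"^(\w+)\((.*)\)\s*=\s*(-?\d+)$", line.strip())
        if not m:
            continue
        name, raw, ret = m.group(1), m.group(2), int(m.group(3))
        args = [a.strip() for a in raw.split(",")] if raw else []   # naive split, fine for our data
        if ret < 0:
            continue                                # failed call: no effect on the abstract state
        op = ground(name, args, ret, state)
        if op.applicable(state):
            state = op.apply(state)
        else:
            rejected.append(line)
    return state, rejected


def exfiltrates_sensitive(state):
    """Behaviour predicate over the reached state: sensitive data in memory and data sent out."""
    files = sorted(f[1] for f in state if f[0] == "in_memory" and f[1] in SENSITIVE)
    hosts = sorted(f[1] for f in state if f[0] == "sent_to")
    return {"files": files, "hosts": hosts} if files and hosts else None


# Constructed sample traces in a simplified strace-like format (assumption, not real captures).
EXFIL = [
    'openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = 3',
    'read(3, "root:$6$...", 4096) = 812',
    'close(3) = 0',
    'socket(AF_INET, SOCK_STREAM, 0) = 3',
    'connect(3, "203.0.113.5:443") = 0',
    'write(3, "root:$6$...", 812) = 812',
]
# Same effect, padded with irrelevant calls and different fd numbers: the trace looks
# different syntactically, but the state reached satisfies the same predicate.
EXFIL_PADDED = [
    'getpid() = 4242',
    'openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = 7',
    'getpid() = 4242',
    'read(7, "root:$6$...", 4096) = 812',
    'openat(AT_FDCWD, "/etc/hostname", O_RDONLY) = 8',
    'read(8, "host", 64) = 4',
    'socket(AF_INET, SOCK_STREAM, 0) = 9',
    'connect(9, "203.0.113.5:443") = 0',
    'sendto(9, "root:$6$...", 812, 0) = 812',
]
BENIGN = [
    'openat(AT_FDCWD, "/etc/hostname", O_RDONLY) = 3',
    'read(3, "host", 64) = 4',
    'socket(AF_INET, SOCK_STREAM, 0) = 4',
    'connect(4, "198.51.100.9:80") = 0',
    'write(4, "host", 4) = 4',
]
ORPHAN_FD = ['read(5, "x", 16) = 1']   # read on an fd the trace never opened: precondition fails

if __name__ == "__main__":
    for label, trace in [("exfil", EXFIL), ("exfil_padded", EXFIL_PADDED), ("benign", BENIGN)]:
        state, rejected = simulate(trace)
        print(label, exfiltrates_sensitive(state), "rejected:", rejected)
```

The model is deliberately coarse: it records that sensitive bytes entered process memory and that some bytes left over a socket, without tracking which bytes went where, so a realistic model would need finer data-flow facts to avoid false positives. Calls whose precondition does not hold (here, a read on an fd that was never opened) are reported rather than silently applied, which is a useful sanity check on trace completeness.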


