Behavioral detection of malware: from a survey towards an established taxonomy

Authors: Grégoire Jacob, Hervé Debar, Eric Filiol

Affiliation: (1) France Télécom R&D, Caen, France; (2) French Army Signals Academy, Virology and Cryptology Lab, Rennes, France

Abstract: Behavioral detection differs from appearance detection in that it identifies the actions performed by the malware rather than syntactic markers. Identifying these malicious actions and interpreting their final purpose is a complex reasoning process. This paper draws up a survey of the different reasoning techniques deployed among the behavioral detectors. These detectors have been classified according to a new taxonomy introduced inside the paper. Strongly inspired by the domain of program testing, this taxonomy divides the behavioral detectors into two main families: simulation-based and formal detectors. Inside these families, ramifications are then derived according to the data collection mechanisms, the data interpretation, the adopted model and its generation, and the decision support.

This document has been indexed by SpringerLink and other databases.