A Planning Approach to Monitoring Behavior of Computer Programs

Add code
Sep 11, 2017
Alexandre Cukier, Ronen I. Brafman, Yotam Perkal, David Tolpin
Figure 1 for A Planning Approach to Monitoring Behavior of Computer Programs
Figure 2 for A Planning Approach to Monitoring Behavior of Computer Programs
Figure 3 for A Planning Approach to Monitoring Behavior of Computer Programs

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

We describe a novel approach to monitoring high level behaviors using concepts from AI planning. Our goal is to understand what a program is doing based on its system call trace. This ability is particularly important for detecting malware. We approach this problem by building an abstract model of the operating system using the STRIPS planning language, casting system calls as planning operators. Given a system call trace, we simulate the corresponding operators on our model and by observing the properties of the state reached, we learn about the nature of the original program and its behavior. Thus, unlike most statistical detection methods that focus on syntactic features, our approach is semantic in nature. Therefore, it is more robust against obfuscation techniques used by malware that change the outward appearance of the trace but not its effect. We demonstrate the efficacy of our approach by evaluating it on actual system call traces.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon