BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Malware Analysis with Tree Automata Inference - Domagoj Babic
DTSTART:20130312T140000Z
DTEND:20130312T150000Z
UID:TALK43847@talks.cam.ac.uk
CONTACT:Jonathan Hayman
DESCRIPTION:The underground malware-based economy is flourishing and it is
  evident\nthat the classical ad-hoc signature detection methods are becomi
 ng\ninsufficient.  Malware authors seem to share some source code and\nmal
 ware samples often feature similar behaviors\, but such commonalities\nare
  difficult to detect with signature-based methods because of an\nincreasin
 g use of numerous freely-available randomized obfuscation\ntools.   To add
 ress this problem\, the security community is actively\nresearching behavi
 oral detection methods that commonly attempt to\nunderstand and differenti
 ate how malware behaves\, as opposed to just\ndetecting syntactic patterns
 .   Continuing that line of research\, in\nthis talk I will explore how gr
 ammatical inference and tools of the\nverification trade could be used for
  malware detection and analysis.  I\nwill present a new approach to learni
 ng and generalizing from observed\nmalware behaviors based on tree automat
 a inference.  In particular\, I\nwill show how one can infer k-testable tr
 ee automata from system call\ndataflow dependency graphs and discuss the u
 se of inferred automata in\nmalware recognition and classification.  At th
 e end\, I will briefly\nsurvey some other related work I have done in the
  recent past\, as well as\nhint at future research directions.
LOCATION:Room FW26\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR
