Generalized Anomaly Detection Model for Windows-based Malicious Program Behavior
2008
International Journal of Network Security
In this paper we demonstrate that it is possible in general to detect Windows-based malicious program behavior. Since S. Forrest et al. used the N-grams method to classify system call trace data, dynamic learning has become a promising research area. However, most research works have been done in the UNIX environment and have limited scope. In Forrest's original model, "Self" is defined based on a normal process whereas "Non-Self" corresponds to one or two malicious processes. We extend this
dblp:journals/ijnsec/TangMZ08
fatcat:27sbuba7ibca5i7l67xgg7cfhe