Imperial College London

Professor Nick Heard

Faculty of Natural Sciences, Department of Mathematics

Chair in Statistics
 
 
 

Contact

 

+44 (0)20 7594 1490
n.heard

 
 

Location

 

543, Huxley Building, South Kensington Campus

Citation

BibTex format

@inproceedings{Bolton:2014:10.1109/JISIC.2014.58,
author = {Bolton, A and Heard, N},
doi = {10.1109/JISIC.2014.58},
pages = {292--295},
title = {Application of a linear time method for change point detection to the classification of software},
url = {http://dx.doi.org/10.1109/JISIC.2014.58},
year = {2014}
}

RIS format (EndNote, RefMan)

TY  - CPAPER
AB - © 2014 IEEE. A computer program's dynamic instruction trace is the sequence of instructions it generates during run-time. This article presents a method for analysing dynamic instruction traces, with an application in malware detection. Instruction traces can be modelled as piecewise homogeneous Markov chains and an exact linear time method is used for detecting change points in the transition probability matrix. The change points divide the instruction trace into segments performing different functions. If segments performing malicious functions can be detected then the software can be classified as malicious. The change point detection method is applied to both a simulated dynamic instruction trace and the dynamic instruction trace generated by a piece of malware.
AU - Bolton,A
AU - Heard,N
DO - 10.1109/JISIC.2014.58
EP - 295
PY - 2014///
SP - 292
TI - Application of a linear time method for change point detection to the classification of software
UR - http://dx.doi.org/10.1109/JISIC.2014.58
ER -