Section: New Software and Platforms

BMA

Behavioral Malware Analysis

Keywords: Artificial intelligence - Malware - Automatic Learning - Concolic Execution

Functional Description: Our approach is based on artificial intelligence. We use concolic analysis to extract behavioral signatures from binaries in a form of system call dependency graphs (SCDGs). Our software can do both supervised and unsupervised learning. The former learns the distinctive features of different malware families on a large training set in order to classify the new binaries as malware or cleanware according to their behavioural signatures. In the unsupervised learning the binaries are clustered according to their graph similarity. The toolchain is orchestrated by an experiment manager that allows to easily setup, launch and view results of all modules of the toolchain.

• Participants: Stefano Sebastio, Cassius De Oliveira Puodzius, Lamine Noureddine, Sébastien Campion, Jean Quilbeuf, Eduard Baranov and Thomas Given-Wilson

• Partner: Cisco

• Contact: Sébastien Campion

• URL: https://team.inria.fr/tamis/