A Malware Instruction Set for Behavior-Based Analysis

Philipp Trinius, Carsten Willems, Thorsten Holz, Konrad Rieck

Technical Report TR-2009-007, University of Mannheim, December 2009


Abstract

We introduce a new representation for monitored behavior of malicious software called Malware Instruction Set (MIST). The representation is optimized for effective and efficient analysis of behavior using data mining and machine learning techniques. It can be obtained automatically during analysis of malware with a behavior monitoring tool or by converting existing behavior reports. The representation is not restricted to a particular monitoring tool and thus can also be used as a meta language to unify behavior reports of different sources.

[MADOC Link] [PDF]

Tags: Malware, MIST