@inproceedings{fba29f0737394e38b49d8faace082c4d,
title = "A Planning Approach to Monitoring Computer Programs{\textquoteright} Behavior",
abstract = "We describe a novel approach to monitoring high level behaviors using concepts from AI planning. Our goal is to understand what a program is doing based on its system call trace. This ability is particularly important for detecting malware. We approach this problem by building an abstract model of the operating system using the STRIPS planning language, casting system calls as planning operators. Given a system call trace, we simulate the corresponding operators on our model and by observing the properties of the state reached, we learn about the nature of the original program and its behavior. Thus, unlike most statistical detection methods that focus on syntactic features, our approach is semantic in nature. Therefore, it is more robust against obfuscation techniques used by malware that change the outward appearance of the trace but not its effect. We demonstrate the efficacy of our approach by evaluating it on actual system call traces.",
author = "Alexandre Cukier and Brafman, {Ronen I.} and Yotam Perkal and David Tolpin",
note = "Publisher Copyright: {\textcopyright} 2018, Springer International Publishing AG, part of Springer Nature.; 2nd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2018 ; Conference date: 21-06-2018 Through 22-06-2018",
year = "2018",
month = jan,
day = "1",
doi = "https://doi.org/10.1007/978-3-319-94147-9_19",
language = "American English",
isbn = "9783319941462",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "243--254",
editor = "Itai Dinur and Shlomi Dolev and Sachin Lodha",
booktitle = "Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings",
address = "Germany",
}