Masters Theses

Date of Award

5-2003

Degree Type

Thesis

Degree Name

Master of Science

Major

Computer Science

Major Professor

Jens Gregor

Committee Members

Michael G. Thomason, Bradley Vander Zanden

Abstract

This thesis introduces and describes SPARTA (for Stochastic Profiling Application for the Rendering of Trees and Automata), a graphical user interface used as a front end to a collection of tools written in C that collectively convert a log of registry system calls performed by an application into binary descriptions of PSTs (for Probabilistic Suffix Trees) and PSAs (for Probabilistic Suffix Automata), which are models used to represent application behavior on Windows-based systems. SPARTA works by rendering these binary descriptions into graphical form, showcasing a variety of features intended to make the user interaction with PSTs and PSAs informative and insightful.

The ultimate goal of SPARTA is to aid in the process of profiling applications based on the system calls they make, using characteristics from PSTs and PSAs that are more easily noticeable in their graphical form to define “normal” behavior for Windows applications. With knowledge of normal behavior, these very same models can be used to measure deviations that might ultimately result in the destructive actions of malicious mobile code, enabling the user to halt or quarantine them before they take place.
