Probabilistic Suffix Models for Windows Application Behavior Profiling: Framework and Initial Results

Author

Geoffrey Alan Mazeroff, University of Tennessee - Knoxville

Date of Award

12-2004

Degree Type

Thesis

Degree Name

Master of Science

Major

Computer Science

Major Professor

Jens Gregor

Committee Members

Michael Thomason, Bradley Vander Zanden

Abstract

Developing statistical/structural models of code execution behavior is of considerable practical importance. This thesis describes a framework for employing probabilistic suffix models as a means of constructing behavior profiles from code-traces of Windows XP applications. Emphasis is placed on the inference and use of probabilistic suffix trees and automata with new contributions in the area of auxiliary symbol distributions. An initial real-time classification system is discussed and preliminary results of detecting known benign and viral applications are presented.

Recommended Citation

Mazeroff, Geoffrey Alan, "Probabilistic Suffix Models for Windows Application Behavior Profiling: Framework and Initial Results. " Master's Thesis, University of Tennessee, 2004.
https://trace.tennessee.edu/utk_gradthes/2276