Abstract: A behavioral malware detection involves extracting features from prefetch files, wherein prefetch files; classifying and detecting benign applications from malicious applications using the features of the prefetch files; and quarantining malicious applications based on the detection.

Abstract: A behavioral malware detection involves extracting features from prefetch files, wherein prefetch files; classifying and detecting benign applications from malicious applications using the features of the prefetch files; and quarantining malicious applications based on the detection.

Abstract: A malware detection system and method detects changes in host behavior indicative of malware execution. The system uses linear discriminant analysis (LDA) for feature extraction, multi-channel change-point detection algorithms to infer malware execution, and a data fusion center (DFC) to combine local decisions into a host-wide diagnosis. The malware detection system includes sensors that monitor the status of a host computer being monitored for malware, a feature extractor that extracts data from the sensors corresponding to predetermined features, local detectors that perform malware detection on each stream of feature data from the feature extractor independently, and a data fusion center that uses the decisions from the local detectors to infer whether the host computer is infected by malware.

Abstract: A malware detection system and method detects changes in host behavior indicative of malware execution. The system uses linear discriminant analysis (LDA) for feature extraction, multi-channel change-point detection algorithms to infer malware execution, and a data fusion center (DFC) to combine local decisions into a host-wide diagnosis. The malware detection system includes sensors that monitor the status of a host computer being monitored for malware, a feature extractor that extracts data from the sensors corresponding to predetermined features, local detectors that perform malware detection on each stream of feature data from the feature extractor independently, and a data fusion center that uses the decisions from the local detectors to infer whether the host computer is infected by malware.

Abstract: A computational geometry technique is utilized to detect, diagnose, and/or mitigate fault detection during the execution of a software application. Runtime measurements are collected and processed to generate a geometric enclosure that represents the normal, non-failing, operating space of the application being monitored. When collected runtime measurements are classified as being inside or on the perimeter of the geometric enclosure, the application is considered to be in a normal, non-failing, state. When collected runtime measurements are classified as being outside of the geometric enclosure, the application is considered to be in an anomalous, failing, state. In an example embodiment, the geometric enclosure is a convex hull generated in N-dimensional Euclidean space. Appropriate action (e.g., restart the software, turn off access to a network port) can be taken depending on where the measurement values lie in the space.

Abstract: A computational geometry technique is utilized to detect, diagnose, and/or mitigate fault detection during the execution of a software application. Runtime measurements are collected and processed to generate a geometric enclosure that represents the normal, non-failing, operating space of the application being monitored. When collected runtime measurements are classified as being inside or on the perimeter of the geometric enclosure, the application is considered to be in a normal, non-failing, state. When collected runtime measurements are classified as being outside of the geometric enclosure, the application is considered to be in an anomalous, failing, state. In an example embodiment, the geometric enclosure is a convex hull generated in N-dimensional Euclidean space. Appropriate action (e.g., restart the software, turn off access to a network port) can be taken depending on where the measurement values lie in the space.