Method for detecting unknown malicious executables

Boris Rozenberg, Ehud Gudes, Yuval Elovici, Yuval Fledel

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations


We present a method for detecting new malicious executables, which comprises the steps of: (a) in a training phase, finding a collection of system call sequences that are characteristic only to malicious files, and storing said sequences in a database; (b) in a runtime phase, for each running executable, continuously monitoring its issued run-time system calls and comparing with the stored sequences within the database, and when a match is found, declaring said executable as malicious.

Original languageEnglish
Title of host publicationRecent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings
Number of pages2
StatePublished - 1 Dec 2009
Event12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009 - Saint-Malo, France
Duration: 23 Sep 200925 Sep 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5758 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Method for detecting unknown malicious executables'. Together they form a unique fingerprint.

Cite this