Abstract
Malware (malicious software) targeting the Windows OS has become more sophisticated. Countering recent infections calls for more intelligent and automated analysis of system logs. In this paper we propose automated log analysis of an infected Windows OS using mechanized reasoning. We apply an automated deduction system to gather the events generated by malware and to extract the behavior of the infection from large-scale system logs. In our experiment we evaluate four kinds of resolution strategies for detecting the malicious behavior. The results show that analysis of system logs can be automated to detect actual malicious software.
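The abstract describes feeding log events to an automated deduction system and letting resolution derive the infection behavior. The Python block below is an added illustration of that technique, not code from the paper or its deduction system: it turns a few constructed Windows-style event lines (a simplified key=value rendering of Security events 4688, 4657 and 5156) into ground facts, states persistence and beaconing behavior as Horn clauses, and runs a set-of-support resolution loop with an answer literal to extract the process the clauses prove infected. The log format, the predicate names (proc_create, reg_set, net_connect, untrusted_path, autorun_key, suspicious_proc, persistence, infected) and the rules themselves are assumptions made for this example; set of support is one of the classical resolution strategies and is not claimed to be the one the paper selected.

```python
"""Resolution-based detection over Windows-style log events (added example,
not the paper's code): facts from log lines, Horn-clause behaviour rules, and
a set-of-support resolution loop with an answer literal naming the infected PID."""
import re

# Constructed sample log (assumption): simplified key=value rendering of Windows
# Security events 4688 (process creation), 4657 (registry value modified) and
# 5156 (outbound connection permitted).
SAMPLE_LOG = r"""
2024-03-05T10:21:08Z EventID=4688 PID=4132 Image=c:\users\bob\appdata\local\temp\updater.exe
2024-03-05T10:21:09Z EventID=4657 PID=4132 Key=hklm\software\microsoft\windows\currentversion\run\updater
2024-03-05T10:21:12Z EventID=5156 PID=4132 Dest=203.0.113.7:443
2024-03-05T10:22:00Z EventID=4688 PID=5120 Image=c:\windows\system32\notepad.exe
2024-03-05T10:22:03Z EventID=5156 PID=5120 Dest=198.51.100.4:443
"""
FIELD = re.compile(r"(\w+)=(\S+)")

def lit(pred, *args, neg=False):
    """A literal is (positive?, predicate, args); a clause is a frozenset of literals."""
    return (not neg, pred, tuple(args))

def is_var(term):
    return term[0].isupper()  # variables are capitalised; log constants are lower-cased

def facts_from_log(text):
    """Turn each event into a ground unit clause (predicate names are assumptions)."""
    facts = set()
    for line in text.strip().splitlines():
        f = {k: v.lower() for k, v in FIELD.findall(line)}
        eid = f.get("EventID")
        if eid == "4688":
            facts.add(lit("proc_create", f["PID"], f["Image"]))
            if re.search(r"\\(temp|appdata)\\", f["Image"]):
                facts.add(lit("untrusted_path", f["Image"]))
        elif eid == "4657":
            facts.add(lit("reg_set", f["PID"], f["Key"]))
            if "currentversion\\run\\" in f["Key"]:
                facts.add(lit("autorun_key", f["Key"]))
        elif eid == "5156":
            facts.add(lit("net_connect", f["PID"], f["Dest"]))
    return [frozenset([fact]) for fact in facts]

# Behaviour rules (assumptions for the example) as Horn clauses {head, not body...}.
RULES = [
    frozenset({lit("suspicious_proc", "P"), lit("proc_create", "P", "I", neg=True),
               lit("untrusted_path", "I", neg=True)}),
    frozenset({lit("persistence", "P"), lit("reg_set", "P", "K", neg=True),
               lit("autorun_key", "K", neg=True)}),
    frozenset({lit("infected", "P"), lit("suspicious_proc", "P", neg=True),
               lit("persistence", "P", neg=True), lit("net_connect", "P", "D", neg=True)}),
]
# Negated goal plus an answer literal: a refutation leaves {answer(<pid>)} behind.
GOAL = frozenset({lit("infected", "X", neg=True), lit("answer", "X")})

def walk(term, s):
    while is_var(term) and term in s:
        term = s[term]
    return term

def unify(xs, ys, s):
    """Unify two argument tuples of equal arity; terms are flat, so no occurs check."""
    for x, y in zip(xs, ys):
        x, y = walk(x, s), walk(y, s)
        if x == y:
            continue
        if is_var(x):
            s = {**s, x: y}
        elif is_var(y):
            s = {**s, y: x}
        else:
            return None
    return s

def apply(clause, s):
    return frozenset((p, pred, tuple(walk(a, s) for a in args)) for p, pred, args in clause)

def rename(clause, n):
    """Standardise apart: give every variable a suffix unique to this resolution step."""
    return frozenset((p, pred, tuple(f"{a}_{n}" if is_var(a) else a for a in args))
                     for p, pred, args in clause)

def resolvents(c1, c2):
    """All binary resolvents of two clauses on complementary literals."""
    out = []
    for l1 in c1:
        for l2 in c2:
            if l1[0] != l2[0] and l1[1] == l2[1] and len(l1[2]) == len(l2[2]):
                s = unify(l1[2], l2[2], {})
                if s is not None:
                    out.append(apply((c1 - {l1}) | (c2 - {l2}), s))
    return out

def prove_infected(facts, rules=RULES, goal=GOAL):
    """Set-of-support given-clause loop; returns the PIDs the clauses prove infected."""
    usable, sos, seen, answers, step = list(facts) + list(rules), [goal], {goal}, set(), 0
    while sos:
        given = sos.pop(0)  # only the goal and its descendants are ever selected
        for other in usable:
            step += 1
            for r in resolvents(given, rename(other, step)):
                if r in seen:
                    continue
                seen.add(r)
                if r and all(pred == "answer" for _, pred, _ in r):
                    answers.update(args[0] for _, _, args in r)  # refutation found
                else:
                    sos.append(r)
        usable.append(given)
    return sorted(answers)

if __name__ == "__main__":
    for pid in prove_infected(facts_from_log(SAMPLE_LOG)):
        print(f"infected process: pid {pid}")
```

The set-of-support restriction keeps the negated goal and its descendants as the only given clauses, so facts and rules are never resolved against each other and the search stays directed at the question being asked; the answer literal rides along each resolvent and carries the binding for X out of the refutation, which is how a PID rather than a bare contradiction comes back. With no function symbols and non-recursive rules the clause space is finite, so the loop terminates; on real logs the number of facts is what grows, and that is where the choice of strategy the abstract refers to starts to matter.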
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ando, R. (2009). Automated Log Analysis of Infected Windows OS Using Mechanized Reasoning. In: Leung, C.S., Lee, M., Chan, J.H. (eds) Neural Information Processing. ICONIP 2009. Lecture Notes in Computer Science, vol 5864. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10684-2_60
DOI: https://doi.org/10.1007/978-3-642-10684-2_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10682-8
Online ISBN: 978-3-642-10684-2