Daniel Reynaud scite author profile

Abstract. The underground malware-based economy is flourishing and it is evident that the classical ad-hoc signature detection methods are becoming insufficient. Malware authors seem to share some source code and malware samples often feature similar behaviors, but such commonalities are difficult to detect with signature-based methods because of an increasing use of numerous freelyavailable randomized obfuscation tools. To address this problem, the security community is actively researching behavioral detection methods that commonly attempt to understand and differentiate how malware behaves, as opposed to just detecting syntactic patterns. We continue that line of research in this paper and explore how formal methods and tools of the verification trade could be used for malware detection and analysis. We propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. In particular, we develop an algorithm for inferring k-testable tree automata from system call dataflow dependency graphs and discuss the use of inferred automata in malware recognition and classification.

show abstract

Threshold concepts about online pedagogy for novice online teachers in higher education

Kilgour

Reynaud

Northcote

et al. 2018

Higher Education Research & Development

View full text Add to dashboard Cite

Differential Slicing: Identifying Causal Execution Differences for Security Applications

Johnson

Caballero

Chen

et al. 2011

View full text Add to dashboard Cite

A security analyst often needs to understand two runs of the same program that exhibit a difference in program state or output. This is important, for example, for vulnerability analysis, as well as for analyzing a malware program that features different behaviors when run in different environments. In this paper we propose a differential slicing approach that automates the analysis of such execution differences. Differential slicing outputs a causal difference graph that captures the input differences that triggered the observed difference and the causal path of differences that led from those input differences to the observed difference. The analyst uses the graph to quickly understand the observed difference. We implement differential slicing and evaluate it on the analysis of 11 real-world vulnerabilities and 2 malware samples with environment-dependent behaviors. We also evaluate it in an informal user study with two vulnerability analysts. Our results show that differential slicing successfully identifies the input differences that caused the observed difference and that the causal difference graph significantly reduces the amount of time and effort required for an analyst to understand the observed difference.

show abstract

Development of an Evidence-based Professional Learning Program Informed by Online Teachers' Self-efficacy and Threshold Concepts

Gosselin

Northcote

Reynaud

et al. 2016

OLJ

View full text Add to dashboard Cite

As online education continues to expand across varied educational sectors, so does the demand for professional development programs to guide academic teaching staff through the processes of developing their capacities to design and teach online courses. To meet these challenges at one higher education institution, a mixed methods research study was implemented to identify the professional learning needs of academic teaching staff for the purposes of developing a tailor-made professional development program. The principles of self-efficacy and threshold concepts were used to inform the design of the study. Data were systematically gathered from the participants to determine self-efficacy, concerns, and questions and experiences of academic teaching staff with online teaching. Findings revealed that academic staff held threshold concepts, skills and attitudes about online teaching. Three groups of staff were identified, all with varying forms of professional development requirements. This case study account demonstrates how an evidence-based project provided the basis for a researchinformed institutional professional development program that is currently guiding academic staff through their development as online course designers and teachers.

show abstract

Recognizing malicious software behaviors with tree automata inference

Babić

Reynaud

Song

2012

Form Methods Syst Des

View full text Add to dashboard Cite

We explore how formal methods and tools of the verification trade could be used for malware detection and analysis. In particular, we propose a new approach to learning and generalizing from observed malware behaviors based on tree automata inference. Our approach infers k-testable tree automata from system call dataflow dependency graphs. We show how inferred automata can be used for malware recognition and classification.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Daniel Reynaud

Malware Analysis with Tree Automata Inference

Threshold concepts about online pedagogy for novice online teachers in higher education

Differential Slicing: Identifying Causal Execution Differences for Security Applications

Development of an Evidence-based Professional Learning Program Informed by Online Teachers' Self-efficacy and Threshold Concepts

Recognizing malicious software behaviors with tree automata inference

Contact Info

Product

Resources

About