@mlsec I think I'll add several APIs, but the main problem is: how are the arguments added to the new APIs (with their types set properly) parsed by Malheur? Reading the MIST paper, I was able to understand that system call arguments are associated with different levels of importance, but I actually don't know if the order of the parameter names in cuckoo_elements2mist.xml (such as DesiredAccess, FileHandle, Filename for the NtOpenFile API, for example) is interpreted differently. After resolving this question I'll proceed with adding more APIs and give you feedback on whether this yields gains in F-measure or any other clustering metric. Thanks again for any help, and excuse me for the many questions, but I wasn't able to find anything useful online.
