2019
DOI: 10.3390/app9020239
|View full text |Cite
|
Sign up to set email alerts
|

Cross-Method-Based Analysis and Classification of Malicious Behavior by API Calls Extraction

Abstract: Data-driven public security networking and computer systems are always under threat from malicious codes known as malware; therefore, a large amount of research and development is taking place to find effective countermeasures. These countermeasures are mainly based on dynamic and statistical analysis. Because of the obfuscation techniques used by the malware authors, security researchers and the anti-virus industry are facing a colossal issue regarding the extraction of hidden payloads within packed executabl… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
2

Citation Types

0
15
0

Year Published

2019
2019
2024
2024

Publication Types

Select...
4
3
1

Relationship

0
8

Authors

Journals

citations
Cited by 43 publications
(20 citation statements)
references
References 34 publications
0
15
0
Order By: Relevance
“…However, dynamic analysis approaches are also imperfect. It is reported in [3,[5][6][7][8][9] that smart malware can detect whether it runs on a virtual or real environment. Moreover, smart malware can modify their behavior by hiding their malicious code to avoid detection.…”
Section: Related Workmentioning
confidence: 99%
See 2 more Smart Citations
“…However, dynamic analysis approaches are also imperfect. It is reported in [3,[5][6][7][8][9] that smart malware can detect whether it runs on a virtual or real environment. Moreover, smart malware can modify their behavior by hiding their malicious code to avoid detection.…”
Section: Related Workmentioning
confidence: 99%
“…Evaluations in [19] showed that the classification performance is downgraded from 97% to 20% when classifying obfuscated codes. Bruce Ndibanje et al [3] proposed a hybrid static/dynamic model for unpacking and de-obfuscating malware to make use of static data. They also address the behavior analysis of malware by analyzing API call sequence that makes it possible to understand malware behavior.…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation
“…However, in contrast to our method, it is difficult to estimate the magnitude of the risk of the malicious code, because it is not accompanied by quantitative semantics and analysis of such MAs. B. Ndibanje [34] proposed a method for analyzing and detecting the API call sequence for MAs through obfuscation analysis and unpacking of malicious code. However, in contrast to the present study, that study mainly focused on ways to improve the detection accuracy; i.e., a potential risk analysis for various new strains of malicious code was not performed.…”
Section: Related Studiesmentioning
confidence: 99%
“…Consequently, most of the available API-based malware detection approaches ignore the API arguments in their feature extraction techniques [14,16,25,36]. API-based malware detection has received significant attention from researchers [22,24,35,38,40,41,54]. In literature, API-based malware detection has made its advances during three distinct stages.…”
Section: Introductionmentioning
confidence: 99%