2018
DOI: 10.1007/978-3-030-04212-7_11

Discovering Similarities in Malware Behaviors by Clustering of API Call Sequences

Cited by 5 publications (7 citation statements); references 19 publications.

Citation statements:
“…In our model, an API pair would be adopted as meta for detection. The idea was based on the thought of Markov chain and has been evaluated in [11], [12], which defined each type of event as a system state, and the state was represented as a graph to describe the state of change [13]. When some events were executed in a specific order, it may clarify that some abnormal behaviors occurred.…”
Section: A. API Pair Graphs (mentioning, confidence: 99%)
“…Dynamic analysis has the advantage of generating accurate analysis results regardless of the level of anti-static analysis techniques used in the malware, such as code obfuscation and encryption. Thus, dynamic features have been applied to malware clustering in some existing work [10], [11], [21], [27], [28]. Perdisci et al. [11] presented a new scalable system for network-level behavioral clustering of HTTP-based malware that aims to efficiently group newly collected malware samples into malware family clusters.…”
Section: B. Malware Clustering Approaches Based on Dynamic Analysis (mentioning, confidence: 99%)
“…The sequences of API calls are dealt with as text-like terms, and terms are constructed with N-grams for the clustering process. Shamsi et al. [10] proposed a hierarchical clustering algorithm based on the API call sequences. By comparing the accuracy of Optimal Matching (OM), the Longest Common Subsequence (LCS), and Long Common Prefix (LCP) [29], [30] for calculating the distance of sequences, the LCP is chosen as the sequence comparison algorithm for hierarchical clustering.…”
Section: B. Malware Clustering Approaches Based on Dynamic Analysis (mentioning, confidence: 99%)