Feature-Chain Based Malware Detection Using Multiple Sequence Alignment of API Call

Kim, Hyun‐Joo; Kim, Jong-Hyun; Kim, Jung-Tai; Kim, Ikkyun; Chung, Tai-Myoung

doi:10.1587/transinf.2015cyp0007

Cited by 7 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kim et al used MSA to generate malware behavioral "feature-chain" patterns. 21 To deal with some obfuscation techniques, such as encoding, antivirtualization, and encapsulation, used by polymorphic worms, Kim et al implemented a detection system using API and MSA, 22 which achieved higher performance in terms of precision, accuracy, and false positive. The main drawback of these methods is that they need a huge amount of memory and have a high computational complexity.…”

Section: Content-based Signature Generationmentioning

confidence: 99%

“…This method adopts dynamic information of API call sequence patterns instead of malware's static information, such as file size, process, and it can even be used to detect new unknown malware. Kim et al used MSA to generate malware behavioral “feature‐chain” patterns 21 . To deal with some obfuscation techniques, such as encoding, antivirtualization, and encapsulation, used by polymorphic worms, Kim et al implemented a detection system using API and MSA, 22 which achieved higher performance in terms of precision, accuracy, and false positive.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Toward machine intelligence that learns to fingerprint polymorphic worms in IoT

Wang

Yang

Wang

et al. 2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

Internet of Things (IoT) is fast growing. Non-personal computer devices under the umbrella of IoT have been increasingly applied in various fields and will soon account for a significant share of total Internet traffic. However, the security and privacy of IoT and its devices have been challenged by malware, particularly polymorphic worms that rapidly selfpropagate once being launched and vary their appearance over each infection to escape from the detection of signature-based intrusion detection systems. It is well recognized that polymorphic worms are one of the most intrusive threats to IoT security.To build an effective, strong defense for IoT networks against polymorphic worms, this study proposes a machine intelligent system, termed Gram-Restricted Boltzmann Machine (Gram-RBM), which automatically generates generic fingerprints/signatures for the polymorphic worm. Two augmented N-gram-based methods are designed and applied in the derivation of polymorphic worm sequences, also known as fingerprints/signatures. These derived sequences are then optimized using the Gaussian-Bernoulli RBM dimension-reduction algorithm. The results, gained

show abstract

Section: Content-based Signature Generationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Toward machine intelligence that learns to fingerprint polymorphic worms in IoT

Wang

Yang

Wang

et al. 2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

show abstract

“…1. For more explanation about each step, refer to our previous paper [5].  Data Collection & Sequence Extraction: Our malware samples had been collected from the web site such as "malshare.com" [3] and "VXVolt.net" [4].…”

Section: Functional Steps Of the Proposed Systemmentioning

confidence: 99%

Implementation of Malware Detection System Based on Behavioral Sequences

Kim¹,

Kim²,

Kim³

2016

Advanced Science and Technology Letters

View full text Add to dashboard Cite

This paper proposes the detection mechanism and implementation of the malware detection system, which generates the behavioral sequences patterns of the malware groups and detects the known and unknown malware. The behavioral patterns of the malware groups are generated as using Multiple Sequence Alignment (MSA) algorithm with the API call sequences occurred from the execution of some malware samples. Especially the proposed system provides a security manager with intuitive and easy determination through our 3D visualization technique for both the analysis result obtained from our malware detection system and the behavioral sequence patterns of the malware groups.

show abstract