Malware Characterization Using WindowsAPI Call Sequences

Gupta, Sanchit; Sharma, Himanshu; Kaur, Sarvjeet

doi:10.13052/jcsm2245-1439.741

Cited by 8 publications

(3 citation statements)

References 14 publications

(22 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Rather than focusing on API sequences as it pertains to general malicious behavior, researchers have explored common API sequence usage among malware variants and types. In [330], fve classes of malware including Worm, Trojan-Downloader, Trojan-Spy, Trojan-Dropper, and Backdoor were associated based on the presence of 26 API categories and sequences. 534 malware variants were hooked and then categorized based on the presence of these API sequences, which were characteristically diferent for different malware types that aim to pursue diferent objectives through their API usage.…”

Section: Application Programming Interface Sequencesmentioning

confidence: 99%

Metamorphic Malware and Obfuscation: A Survey of Techniques, Variants, and Generation Kits

Brezinski,

Ferens

2023

Security and Communication Networks

View full text Add to dashboard Cite

The competing landscape between malware authors and security analysts is an ever-changing battlefield over who can innovate over the other. While security analysts are constantly updating their signatures of known malware, malware variants are changing their signature each time they infect a new host, leading to an endless game of cat and mouse. This survey looks at providing a thorough review of obfuscation and metamorphic techniques commonly used by malware authors. The main topics covered in this work are (1) to provide an overview of string-scanning techniques used by antivirus vendors and to explore the impact malware has had from a security and monetary perspective; (2) to provide an overview of the methods of obfuscation during disassembly, as well as methods of concealment using a combination of encryption and compression; (3) to provide a comprehensive list of the datasets we have available to us in malware research, including tools to obfuscate malware samples, and to finally (4) discuss the various ways Windows APIs are categorized and vectorized to identify malicious binaries, especially in the context of identifying obfuscated malware variants. This survey provides security practitioners a better understanding of the nature and makeup of the obfuscation employed by malware. It also provides a review of what are the main barriers to reverse-engineering malware for the purposes of uncovering their complexity and purpose.

show abstract

Section: Application Programming Interface Sequencesmentioning

confidence: 99%

Metamorphic Malware and Obfuscation: A Survey of Techniques, Variants, and Generation Kits

Brezinski,

Ferens

2023

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Namun, karena kurangnya sampel, maka peneliti masih belum dapat mengevaluasi kualitas metode yang digunakan untuk membedakan antara malware dan program normal. Selanjutnya penelitian [16] menggunakan urutan panggilan Windows API (Win-API) untuk menangkap perilaku aplikasi berbahaya. Dalam penelitian ini lima kelas malware telah dianalisis yakni Worm, Trojan-Downloader, Trojan-Spy, Trojan-Dropper, dan Backdoor.…”

Section: Gambar 1 Top 10 Anomali Tahun 2021unclassified

Deteksi Malware Ransomware Berdasarkan Panggilan API dengan Metode Ekstraksi Fitur N-gram dan TF-IDF

Hartinah

Paundu

Ilham

2023

JEPIN

View full text Add to dashboard Cite

Ransomware merupakan ancaman malware yang paling menakutkan saat ini karena memiliki kemampuan mengenkripsi data, selain itu jumlah serangan ransomware yang terus meningkat mengakibatkan kerugian yang tidak sedikit. Penanganan atas serangan ini semakin sulit dilakukan dikarenakan varian ransomware yang terus berkembang. Dibutuhkan suatu sistem yang mampu mendeteksi ransomware bahkan untuk varian ransomware terbaru. Melalui penelitian ini kami membuat suatu sistem yang mampu mendeteksi ransomware dan normalware menggunakan metode machine learning dengan memanfaatkan data panggilan API dari ransomware dan normalware. Pada penelitian ini kami hanya melakukan binary classification untuk semua varian ransomware yang terdeteksi. Proses ekstraksi fitur terlebih dilakukan dengan metode N-gram dan TF-IDF pada panggilan API untuk membentuk subset fitur yang digunakan dalam proses pembelajaran model. Pembuatan model deteksi dilakukan dengan melatih data panggilan API dari beberapa varian ransomware. Pengujian model dilakukan baik terhadap varian ransomware yang sudah dilatih sebelumnya maupun varian ransomware diluar data latih. Proses pembelajaran model dilakukan untuk mencari kesamaan fitur dari data panggilan API berbagai varian ransomware pada data latih, kesamaan fitur ini akan dimanfaatkan untuk mendeteksi varian lain dari ransomware diluar data latih. Hasil penelitian menunjukkan bahwa akurasi rata-rata model terhadap varian ransomware dalam data latih adalah 94% dengan skor error rate tertinggi 10%. Adapun hasil deteksi ransomware untuk varian diluar data latih menunjukkan akurasi rata-rata 83% dengan skor error rate tertinggi 30%. Sehingga dengan demikian model yang dibuat pada penelitian ini dapat digunakan untuk mendeteksi ransomware meskipun varian dari ransomware mengalami perkembangan.

show abstract

“…Malware can be examined by various methods including static and dynamic analysis. The static analysis determines code without using the running state, whereas, the dynamic analysis determines the malware in its running state [7]. In 2023, almost 3 lac instances of malware were created, with 92% spread through email, which proved to be harmful for the computer systems [8].…”

Section: Introductionmentioning

confidence: 99%

Detection of Malware Attacks using Artiﬁcial Neural Network

Rana,

Minhaj Ahmad Khan

2023

VAWKUM trans. comput. sci.

View full text Add to dashboard Cite

Malware attacks are increasing rapidly as the technology continues to become prevalent. These attacks have become extremely difficult to detect as they continuously change their mechanism for exploitation of vulnerabilities in software. The conventional approaches to malware detection become ineffective due to a large number of varying patterns and sequences, thereby requiring artificial intelligence-based approaches for the detection of malware attacks. In this paper, we propose an artificial neural network-based model for malware detection. Our proposed model is generic as it can be applied to multiple datasets. We have compared our model with different machine-learning approaches. The experimentation results show that the proposed model can outperform other well-known approach as it achieves 99.6\% , 98.9\% and 99.9\% accuracy on the Windows API call dataset, Top PE Imports Dataset and Malware Dataset, respectively.

show abstract

Malware Characterization Using WindowsAPI Call Sequences

Cited by 8 publications

References 14 publications

Metamorphic Malware and Obfuscation: A Survey of Techniques, Variants, and Generation Kits

Metamorphic Malware and Obfuscation: A Survey of Techniques, Variants, and Generation Kits

Deteksi Malware Ransomware Berdasarkan Panggilan API dengan Metode Ekstraksi Fitur N-gram dan TF-IDF

Detection of Malware Attacks using Artiﬁcial Neural Network

Contact Info

Product

Resources

About