Malware classification based on extracted API sequences using static analysis

Kazuki, Iwamoto; Wasaki, Katsumi

doi:10.1145/2402599.2402604

Cited by 40 publications

(23 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Feature sets commonly used for static analysis include strings, byte sequences, and program structure [8]- [10]; API imports and API calls [11]; and control flow information [12]- [14]. Commonly used classification algorithms include naïve Bayes, decision trees, support vector machines (SVMs) [8], [10], image classification techniques [9], hierarchical clustering analysis [11], and graph matching and clustering algorithms [12]- [14].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Run-time classification of malicious processes using system call analysis

Canzanese

Mancoridis

Kam

2015

2015 10th International Conference on Malicious and Unwanted Software (MALWARE)

View full text Add to dashboard Cite

This study presents a malware classification system designed to classify malicious processes at run-time on production hosts. The system monitors process-level system call activity and uses information extracted from system call traces as inputs to the classifier. The system is advantageous because it does not require the use of specialized analysis environments. Instead, a 'lightweight' service application monitors process execution and classifies new malware samples based on their behavioral similarity to known malware. This study compares the effectiveness of multiple feature sets, ground truth labeling schemes, and machine learning algorithms for malware classification. The accuracy of the classification system is evaluated against processlevel system call traces of recently discovered malware samples collected from production environments. Experimental results indicate that accurate classification results can be achieved using relatively short system call traces and simple representations.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Commonly used classification algorithms include naïve Bayes, decision trees, support vector machines (SVMs) [8], [10], image classification techniques [9], hierarchical clustering analysis [11], and graph matching and clustering algorithms [12]- [14].…”

Section: Related Workmentioning

confidence: 99%

Run-time classification of malicious processes using system call analysis

Canzanese

Mancoridis

Kam

2015

2015 10th International Conference on Malicious and Unwanted Software (MALWARE)

View full text Add to dashboard Cite

show abstract

“…The key assumption of their idea is that to preserve its functionality a polymorphic malware should contain a sufficiently similar API calling sequence or assembly code. Iwamoto et al [7] proposed a malware classification that extracts features with API function calls. To visualize the grouping of samples with similar features they used hierarchical cluster analysis.…”

Section: ⅱ Malware Classificationmentioning

confidence: 99%

“…Two techniques for malware classification using sequence alignment have recently been proposed [7,22] .…”

Section: ⅱ Malware Classificationmentioning

confidence: 99%

“…Our method, therefore, adopts traffic data collected by Botnetwatcher [7] , The prefix identifies the sub-system that detected the object, but it is not an obligatory part of the name and may not be present. The behaviour specifies what the detected object does, and the platform is the environment in which the program code is executed.…”

Section: Data Of Malware Samples and Family Labelingmentioning

confidence: 99%

See 1 more Smart Citation

Research on Malware Classification with Network Activity for Classification and Attack Prediction of Attack Groups

Lim¹,

Kim²,

Noh³

et al. 2017

The Journal of Korean Institute of Communications and Informati

View full text Add to dashboard Cite

The security of Internet systems critically depends on the capability to keep anti-virus (AV) software up-to-date and maintain high detection accuracy against new malware. However, malware variants evolve so quickly they cannot be detected by conventional signature-based detection. In this paper, we proposed a malware classification method based on sequence patterns generated from the network flow of malware samples. We evaluated our method with 766 malware samples and obtained a classification accuracy of approximately 40.4%.In this study, malicious codes were classified only by network behavior of malicious codes, excluding codes and other characteristics. Therefore, this study is expected to be further developed in the future. Also, we can predict the attack groups and additional attacks can be prevented.※ 본 연구는 LIG넥스원의 지원으로 수행되었습니다.

show abstract

Ransomware detection using machine learning algorithms

Bae

Lee

2019

Concurrency and Computation

View full text Add to dashboard Cite

Summary The number of ransomware variants has increased rapidly every year, and ransomware needs to be distinguished from the other types of malware to protect users' machines from ransomware‐based attacks. Ransomware is similar to other types of malware in some aspects, but other characteristics are clearly different. For example, ransomware generally conducts a large number of file‐related operations in a short period of time to lock or to encrypt files of a victim's machine. The signature‐based malware detection methods, which have difficulties to detect zero‐day ransomware, are not suitable to protect users' files against the attacks caused by risky unknown ransomware. Therefore, a new protection mechanism specialized for ransomware is needed, and the mechanism should focus on ransomware‐specific operations to distinguish ransomware from other types of malware as well as benign files. This paper proposes a ransomware detection method that can distinguish between ransomware and benign files as well as between ransomware and malware. The experimental results show that our proposed method can detect ransomware among malware and benign files.

show abstract

Malware classification based on extracted API sequences using static analysis

Cited by 40 publications

References 8 publications

Run-time classification of malicious processes using system call analysis

Run-time classification of malicious processes using system call analysis

Research on Malware Classification with Network Activity for Classification and Attack Prediction of Attack Groups

Ransomware detection using machine learning algorithms

Contact Info

Product

Resources

About