Malware detection using assembly and API call sequences

Shankarapani, M.K.; Ramamoorthy, Subbu; Movva, Ram S.; Mukkamala, Srinivas

doi:10.1007/s11416-010-0141-5

Cited by 84 publications

(47 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Others extract API call sequence for each class and develop static signature based on it [8][9][10][11]. They are better from the semantic view because they monitor the sequence of calls and the flow of programs.…”

Section: International Journal Of Distributed Sensor Networkmentioning

confidence: 99%

“…With static approach [6,10,11,21], API list can be extracted from PE format of the executable files. With dynamic approach [7][8][9][22][23][24], the APIs that are called can be observed by running the executable files (usually run on virtual machine). There are two major ways to analyze the API call information gathered through the static approach.…”

Section: Malware Analysismentioning

confidence: 99%

See 1 more Smart Citation

A Novel Approach to Detect Malware Based on API Call Sequence Analysis

Kim

2015

International Journal of Distributed Sensor Networks

191

View full text Add to dashboard Cite

In the era of ubiquitous sensors and smart devices, detecting malware is becoming an endless battle between ever-evolving malware and antivirus programs that need to process ever-increasing security related data. For malware detection, various approaches have been proposed. Among them, dynamic analysis is known to be effective in terms of providing behavioral information. As malware authors increasingly use obfuscation techniques, it becomes more important to monitor how malware behaves for its detection. In this paper, we propose a novel approach for dynamic analysis of malware. We adopt DNA sequence alignment algorithms and extract common API call sequence patterns of malicious function from malware in different categories. We find that certain malicious functions are commonly included in malware even in different categories. From checking the existence of certain functions or API call sequence patterns matched, we can even detect new unknown malware. The result of our experiment shows high enough -measure and accuracy. API call sequence can be extracted from most of the modern devices; therefore, we believe that our method can detect the malware for all types of the ubiquitous devices.

show abstract

Section: International Journal Of Distributed Sensor Networkmentioning

confidence: 99%

Section: Malware Analysismentioning

confidence: 99%

A Novel Approach to Detect Malware Based on API Call Sequence Analysis

Kim

2015

International Journal of Distributed Sensor Networks

191

View full text Add to dashboard Cite

show abstract

“…These data sources could include information based on the static analysis of the binary and the API sequence calls made by the program. Methods based on these data sources have been shown to be successful [30,33,39], and could possibly lead to more accurate results when combined in our multiple kernel learning framework.…”

Section: Future Workmentioning

confidence: 99%

Graph-based malware detection using dynamic analysis

et al. 2011

View full text Add to dashboard Cite

We introduce a novel malware detection algorithm based on the analysis of graphs constructed from dynamically collected instruction traces of the target executable. These graphs represent Markov chains, where the vertices are the instructions and the transition probabilities are estimated by the data contained in the trace. We use a combination of graph kernels to create a similarity matrix between the instruction trace graphs. The resulting graph kernel measures similarity between graphs on both local and global levels. Finally, the similarity matrix is sent to a support vector machine to perform classification. Our method is particularly appealing because we do not base our classifications on the raw n-gram data, but rather use our data representation to perform classification in graph space. We demonstrate the performance of our algorithm on two classification problems: benign software versus malware, and the Netbull virus with different packers versus other classes of viruses. Our results show a statistically significant improvement over signature-based and other machine learning-based detection methods.

show abstract

“…Shankarapani et al [6] presented a methodology for composing signatures of malicious codes from PEs for identifying known and unknown malware. The key assumption of their idea is that to preserve its functionality a polymorphic malware should contain a sufficiently similar API calling sequence or assembly code.…”

Section: ⅱ Malware Classificationmentioning

confidence: 99%

“…The authors later enhanced it and presented a sequence alignment method using binary scoring and a signature-updating scheme to detect masquerade attacks [20] . Another recent approach to detection is analyzing API call sequences and classifying them as benign or malicious [21] .…”

Section: ⅱ Malware Classificationmentioning

confidence: 99%

Research on Malware Classification with Network Activity for Classification and Attack Prediction of Attack Groups

Lim¹,

Kim²,

Noh³

et al. 2017

The Journal of Korean Institute of Communications and Informati

View full text Add to dashboard Cite

The security of Internet systems critically depends on the capability to keep anti-virus (AV) software up-to-date and maintain high detection accuracy against new malware. However, malware variants evolve so quickly they cannot be detected by conventional signature-based detection. In this paper, we proposed a malware classification method based on sequence patterns generated from the network flow of malware samples. We evaluated our method with 766 malware samples and obtained a classification accuracy of approximately 40.4%.In this study, malicious codes were classified only by network behavior of malicious codes, excluding codes and other characteristics. Therefore, this study is expected to be further developed in the future. Also, we can predict the attack groups and additional attacks can be prevented.※ 본 연구는 LIG넥스원의 지원으로 수행되었습니다.

show abstract

Malware detection using assembly and API call sequences

Cited by 84 publications

References 7 publications

A Novel Approach to Detect Malware Based on API Call Sequence Analysis

A Novel Approach to Detect Malware Based on API Call Sequence Analysis

Graph-based malware detection using dynamic analysis

Research on Malware Classification with Network Activity for Classification and Attack Prediction of Attack Groups

Contact Info

Product

Resources

About