Malware detection based on mining API calls

@inproceedings{Sami2010MalwareDB,
  title={Malware detection based on mining API calls},
  author={Ashkan Sami and Babak Yadegari and Hossein Rahimi and Naser Peiravian and Sattar Hashemi and Ali Hamzeh},
  booktitle={SAC '10},
  year={2010}
}
Financial loss due to malware nearly doubles every two years. For instance, in 2006 malware caused nearly 33.5 million GBP in direct financial losses to member organizations of UK banks alone. Recent malware cannot be detected by traditional signature-based anti-malware tools because of its polymorphic and/or metamorphic nature. Detecting malware by its immutable characteristics has become a recent industrial practice. The datasets are not public, so the results are not reproducible and…
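The abstract above describes mining the API calls an executable imports as an immutable feature for detection but does not show the mining step. The block below is an added illustration of that idea, not code from Sami et al. or from any of the papers cited on this page: it mines class association rules (API itemset implies label) from labelled import sets with support and confidence thresholds, then classifies an unseen import set by its most specific matching rule. The ten training samples, the API names they contain, the thresholds and the tie-breaking order are all constructed for the example.

```python
"""Class association rule mining over Windows API import sets.

Added illustration of "mining API calls" for malware detection; not the method
or code of Sami et al. Training data, thresholds and classifier are assumed.
"""
from collections import Counter
from itertools import combinations

# Constructed training data (not from any real dataset): each entry is the set
# of API names found in one PE file's import table plus a label.
TRAIN = [
    ({"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx", "OpenProcess"}, "mal"),
    ({"CreateRemoteThread", "WriteProcessMemory", "LoadLibraryA", "GetProcAddress"}, "mal"),
    ({"URLDownloadToFileA", "WinExec", "RegSetValueExA", "GetProcAddress"}, "mal"),
    ({"URLDownloadToFileA", "ShellExecuteA", "RegSetValueExA", "CreateFileA"}, "mal"),
    ({"SetWindowsHookExA", "GetAsyncKeyState", "WriteFile", "CreateFileA"}, "mal"),
    ({"CreateFileA", "ReadFile", "WriteFile", "CloseHandle", "MessageBoxA"}, "ben"),
    ({"CreateWindowExA", "MessageBoxA", "GetMessageA", "DispatchMessageA"}, "ben"),
    ({"RegOpenKeyExA", "RegQueryValueExA", "CreateFileA", "CloseHandle"}, "ben"),
    ({"LoadLibraryA", "GetProcAddress", "MessageBoxA", "ExitProcess"}, "ben"),
    ({"ReadFile", "WriteFile", "GetProcAddress", "HeapAlloc", "ExitProcess"}, "ben"),
]


def mine_rules(samples, min_support=0.2, min_confidence=0.8, max_len=2):
    """Mine class association rules  itemset -> label  from labelled API sets.

    support(X -> c)    = |samples containing X with label c| / |samples|
    confidence(X -> c) = |samples containing X with label c| / |samples containing X|
    Returns {itemset_tuple: (label, support, confidence)}.
    """
    n = len(samples)
    overall = Counter()    # itemset -> number of samples containing it
    per_label = Counter()  # (itemset, label) -> number of such samples
    for apis, label in samples:
        items = sorted(apis)  # canonical order so equal itemsets hash equally
        for k in range(1, max_len + 1):
            for itemset in combinations(items, k):
                overall[itemset] += 1
                per_label[(itemset, label)] += 1
    rules = {}
    for (itemset, label), count in per_label.items():
        support = count / n
        confidence = count / overall[itemset]
        if support >= min_support and confidence >= min_confidence:
            # With min_confidence > 0.5 at most one label can qualify per itemset,
            # so APIs common to both classes (e.g. GetProcAddress) yield no rule.
            rules[itemset] = (label, support, confidence)
    return rules


def classify(apis, rules, default="unknown"):
    """Label an unseen import set. The most specific (longest) matching rule
    wins; ties are broken by confidence, then support. If no mined rule covers
    the sample the answer is `default`, deliberately not "benign"."""
    apis = set(apis)
    matches = [
        (len(itemset), conf, sup, label)
        for itemset, (label, sup, conf) in rules.items()
        if set(itemset) <= apis
    ]
    if not matches:
        return default
    matches.sort(reverse=True)
    return matches[0][3]


if __name__ == "__main__":
    rules = mine_rules(TRAIN)
    for itemset, (label, sup, conf) in sorted(rules.items(), key=lambda r: (-len(r[0]), r[0])):
        print(f"{' & '.join(itemset):45s} -> {label}  support={sup:.2f} confidence={conf:.2f}")
    # Process-injection imports: the two-API rule outranks the lone benign CloseHandle rule.
    print(classify({"OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                    "CreateRemoteThread", "CloseHandle"}, rules))
    # Only LoadLibraryA/GetProcAddress imported: nothing mined covers it.
    print(classify({"LoadLibraryA", "GetProcAddress"}, rules))
```

Two points the run makes visible. First, an API that appears in both classes at similar rates (GetProcAddress, LoadLibraryA, CreateFileA in the constructed data) produces no rule at all, which is the filtering the confidence threshold is there for. Second, a sample whose import table shows only LoadLibraryA and GetProcAddress is exactly what a packer or a loader that resolves its real APIs at run time looks like to a static import-table miner; the example returns "unknown" for it rather than "ben", because the absence of a matching rule is not evidence of benign behaviour. That blind spot is why static import mining is usually paired with dynamic API tracing.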


Windows API based Malware Detection and Framework Analysis
TLDR
This paper elucidates an automated framework for analyzing and classifying executables based on their relevant API calls and explains all the software components used to make the framework fully automatic for extracting API calls.
Malware Detection Systems Based on API Log Data Mining
TLDR
This research uses hooking techniques to trace the dynamic signatures that malware tries to hide, and compares the behavioural differences between malware and benign programs by using data mining techniques in order to identify the malware.
Malware detection via API calls, topic models and machine learning
TLDR
This work presents a model that uses text mining and topic modeling to detect malware, based on the types of API call sequences, and recommends Decision Tree as it yields `if-then' rules, which could be used as an early warning expert system.
Performance Evaluation of String Based Malware Detection Methods
  • Fahad Mira, Wei Huang
  • Computer Science
    2018 24th International Conference on Automation and Computing (ICAC)
  • 2018
TLDR
Longest Common Substring and Longest Common Subsequence are used in this paper for string matching in order to detect malware and their variants.
A miner for malware detection based on API function calls and their arguments
  • Z. Salehi, M. Ghiasi, A. Sami
  • Computer Science
    The 16th CSI International Symposium on Artificial Intelligence and Signal Processing (AISP 2012)
  • 2012
TLDR
A scalable method that relies on utilizing features other than traditional API calls to obtain higher accuracies and is an appropriate approach to be used in industrial applications is introduced.
Deep learning based Sequential model for malware analysis using Windows exe API Calls
TLDR
A classification method by malware type that takes the behavior of the malware into account is developed; it reaches an accuracy of up to 95% with an $F_1$-score of 0.83, which is quite satisfactory.
Performance Maintenance Over Time of Random Forest-based Malware Detection Models
  • Colin Galen, Robert Steele
  • Computer Science
    2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)
  • 2020
TLDR
This study makes use of a large dataset comprised of the features extracted from malware/goodware executable samples in the very common Portable Executable (PE) format to analyze the deterioration of machine learning-based malware detection models over time from training, and considers in greater depth, Random Forest-based models for malware detection.
The Pipeline Process of Signature-based and Behavior-based Malware Detection
TLDR
The pipeline process of both signature- based malware detection and behavior-based malware detection is explained, which will help researchers to understand these techniques in a detailed manner.
A NOVEL DATA MINING METHOD FOR MALWARE DETECTION
TLDR
This work presents, for the first time, the use of an API and its number of iterations as a countermeasure for malware detection.

References

Showing 1-10 of 30 references
An intelligent PE-malware detection system based on association mining
TLDR
The Intelligent Malware Detection System (IMDS) is an integrated system consisting of three major modules: PE parser, OOA rule generator, and rule based classifier, and an OOA_Fast_FP-Growth algorithm is adapted to efficiently generate OOA rules for classification.
Static analyzer of vicious executables (SAVE)
TLDR
This paper presents a robust signature-based malware detection technique, with emphasis on detecting obfuscated malware and mutated (or metamorphic) malware.
Semantics-aware malware detection
TLDR
Experimental evaluation demonstrates that the malware-detection algorithm can detect variants of malware with a relatively low run-time overhead and the semantics-aware malware detection algorithm is resilient to common obfuscations used by hackers.
Classification of software behaviors for failure detection: a discriminative pattern mining approach
TLDR
This work addresses software reliability issues by proposing a novel method to classify software behaviors based on past history or runs, and finds that the pattern-based classification technique outperforms the baseline approach by 24.68% in accuracy.
Data mining methods for detection of new malicious executables
TLDR
This work presents a data mining framework that detects new, previously unseen malicious executables accurately and automatically and more than doubles the current detection rates for new malicious executables.
Learning to detect malicious executables in the wild
TLDR
A fielded application for detecting malicious executables in the wild is described using techniques from machine learning and data mining; boosted decision trees outperformed the other methods with an area under the ROC curve of 0.996.
Virus detection using data mining techniques
TLDR
An automatic heuristic method to detect unknown computer viruses based on data mining techniques, namely decision tree and naive Bayesian network algorithms, is proposed, and experiments are carried out to evaluate the effectiveness of the proposed approach.
Automatic Extraction of Computer Virus Signatures
TLDR
A statistical method for automatically extracting good signatures from the machine code of a virus, which obviates the need for a small army of virus analysts and permits IBM's signature database to be maintained by a single virus expert working half-time.
Static Analysis of Executables to Detect Malicious Patterns
TLDR
An architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations is presented, and experimental results demonstrate the efficacy of the prototype tool, SAFE (a static analyzer for executables).
Detecting intrusion transactions in databases using data item dependencies and anomaly analysis
TLDR
The proposed approach to identifying malicious transactions is able to track normal transactions and detect malicious ones more effectively than existing approaches.