A Review Paper of Malware Detection Using API Call Sequences

Mira, Fahad

doi:10.1109/cais.2019.8769564

Cited by 7 publications

(5 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With the development of machine learning, it has been observed that these techniques are being used in the field of malware analysis. To use API calls as the feature vector is one of the first usages of machine learning algorithms for malicious software analysis (Mira, 2019). N-grams are other commonly used methods for the quantification of API calls.…”

Section: Introductionmentioning

confidence: 99%

Data augmentation based malware detection using convolutional neural networks

Çatak

Ahmed

ŞAHİNBAŞ

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

Due to advancements in malware competencies, cyber-attacks have been broadly observed in the digital world. Cyber-attacks can hit an organization hard by causing several damages such as data breach, financial loss, and reputation loss. Some of the most prominent examples of ransomware attacks in history are WannaCry and Petya, which impacted companies’ finances throughout the globe. Both WannaCry and Petya caused operational processes inoperable by targeting critical infrastructure. It is quite impossible for anti-virus applications using traditional signature-based methods to detect this type of malware because they have different characteristics on each contaminated computer. The most important feature of this type of malware is that they change their contents using their mutation engines to create another hash representation of the executable file as they propagate from one computer to another. To overcome this method that attackers use to camouflage malware, we have created three-channel image files of malicious software. Attackers make different variants of the same software because they modify the contents of the malware. In the solution to this problem, we created variants of the images by applying data augmentation methods. This article aims to provide an image augmentation enhanced deep convolutional neural network (CNN) models for detecting malware families in a metamorphic malware environment. The main contributions of the article consist of three components, including image generation from malware samples, image augmentation, and the last one is classifying the malware families by using a CNN model. In the first component, the collected malware samples are converted into binary file to 3-channel images using the windowing technique. The second component of the system create the augmented version of the images, and the last part builds a classification model. This study uses five different deep CNN model for malware family detection. The results obtained by the classifier demonstrate accuracy up to 98%, which is quite satisfactory.

show abstract

Section: Introductionmentioning

confidence: 99%

Data augmentation based malware detection using convolutional neural networks

Çatak

Ahmed

ŞAHİNBAŞ

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…This study conducted a comprehensive review of the approaches for detecting malware only based on sample operation codes (OpCodes) and drew useful insights towards them. As mentioned earlier, this study focused on the malware OpCodes features and dropped the other malware features like API system calls features such in [5][38][39][40] [70] and text features such as in [38][39][40] [71][72] due to their limitations, since the former could be decoyed when the evader uses his own developed OpCodes instructions written from the ground up instead of uses of the formal API system calls. As well, it dropped the latter because the garbag of text that could be injected into the malware, which evades detection, too.…”

Section: Recommendations and Future Directionsmentioning

confidence: 99%

“…The list of acronyms Among the widely used malware feature datasets, such as API system calls features, registry activities features, file activities features, process activities features, network activities features, operation codes (OpCodes) features, and text features, this study selected operation codes (OpCodes) features. The study chose operation codes (OpCodes) features because the review of the approaches for detecting malware only based on sample OpCodes has not been addressed before, OpCodes features immune against decoying unlike API systems call and text features [38], [39], [40] and shared in the next significant contributions: 1. To the best of our knowledge, this study has made the first attempt to provide a comparison of the approaches for detecting malware only based on sample OpCodes.…”

Section: Introductionmentioning

confidence: 99%

Malware Detection Approaches based on Operational Codes (OpCodes) of Executable Programs: A Review

Saleh

2023

IJEEI

View full text Add to dashboard Cite

Usually, malware is analyzed in two ways: dynamic malware analysis and static malware analysis. The former collects feature datasets during the run of the malware, and involves malware API system calls, and registry, file, process, and network activities features. The latter collects feature datasets without the run of the malware, and involves OpCodes and text features. Several previous studies have addressed the review of the malware detection approaches based on various feature datasets, but none of them has addressed the review of the approaches merely based on malware OpCodes features. Therefore, this study aimed to review the malware detection approaches only based on OpCodes features and deduced that there is a positive relationship between the Study Year and the Detection Ratio. Besides, incorporating the improved deep learning (DL) in the approaches for detecting malware only based on OpCodes achieved 1.427 times greater accurate detection ratio.

show abstract

“…As the proportion of programs expanded to 64-bit increases, additional defense techniques are also required. A study to block malicious DLL execution was also presented, Syed et al (2015) proposed a technique to block malicious DLLs loaded in memory by detecting Windows API hooking [13], Mira (2019) proposed a method to detect abnormal activity by analyzing DLL data and monitoring the sequence of API calls to block the inflow of malicious DLLs [14]. However, as proposed by Shankarapani et al (2011) [15], Yusirwan et al (2015) [16], Bae et al (2019) [17], presented the technical method to conceal and obfuscate the malware execution routine, these case of deliberately packed advanced malware, these malicious codes have limitations in lowering the success rate of not only API trendbased detection techniques but also code data-based detection techniques.…”

Section: Related Workmentioning

confidence: 99%

Detection and Blocking Method against DLL Injection Attack Using PEB-LDR of ICS EWS in Smart IoT Environments

Kim¹,

Kim²,

Shin³

2022

Journal of Internet Technology

View full text Add to dashboard Cite

<p>Modern Industrial Control System (ICS) can provide vast functions as the introduction of IT technology is established along with the introduction of the IoT environment. Engineering Workstation (EWS) used by ICS is widely used to efficiently manage and control industrial devices including smart IoT devices. However, the DLL injection attack in ICS is not high in difficulty compared to the risk, but it can cause fatal malfunction. If an attack is carried out targeting the EWS, it may cause erroneous operation in many control devices, including IoT devices, cause fatal accidents throughout the Supervisory Control and Data Acquisition (SCADA) system. In this paper, we present a method to detect DLL injection attacks by specializing in EWS used in ICS in IoT environment and purpose a method to detect data changes due to DLL injection attacks by analyzing and utilizing PEB-LDR data. Also, we purpose a method to detect and block execution when a malicious DLL is suspected to be loaded by DLL injection.</p> <p> </p>

show abstract

A Review Paper of Malware Detection Using API Call Sequences

Cited by 7 publications

References 13 publications

Data augmentation based malware detection using convolutional neural networks

Data augmentation based malware detection using convolutional neural networks

Malware Detection Approaches based on Operational Codes (OpCodes) of Executable Programs: A Review

Detection and Blocking Method against DLL Injection Attack Using PEB-LDR of ICS EWS in Smart IoT Environments

Contact Info

Product

Resources

About