Cross-Method-Based Analysis and Classification of Malicious Behavior by API Calls Extraction

Bruce, Ndibanje; Kim, Ki Hwan; Kang, Young Jin; Kim, Hyun Ho; Kim, Tae Yong; Lee, Hoon Jae

doi:10.3390/app9020239

Cited by 38 publications

(15 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, dynamic analysis approaches are also imperfect. It is reported in [3,[5][6][7][8][9] that smart malware can detect whether it runs on a virtual or real environment. Moreover, smart malware can modify their behavior by hiding their malicious code to avoid detection.…”

Section: Related Workmentioning

confidence: 99%

“…Evaluations in [19] showed that the classification performance is downgraded from 97% to 20% when classifying obfuscated codes. Bruce Ndibanje et al [3] proposed a hybrid static/dynamic model for unpacking and de-obfuscating malware to make use of static data. They also address the behavior analysis of malware by analyzing API call sequence that makes it possible to understand malware behavior.…”

Section: Related Workmentioning

confidence: 99%

“…Unknown vulnerabilities allow an attack window time, that is the time between threat discovery to signature update. It is shown in [2][3][4][5][6] that malware authors use tools to pack and obfuscate malware to hide malware and to escape from detection. Consequently, signature-based approaches are inefficient to cope with malware authors tricks and therefore, they are unreliable.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

Zelinka

Amer²

2019

mendel

View full text Add to dashboard Cite

Current commercial antivirus detection engines still rely on signature-based methods. However, with the huge increase in the number of new malware, current detection methods become not suitable. In this paper, we introduce a malware detection model based on ensemble learning. The model is trained using the minimum number of signification features that are extracted from the file header. Evaluations show that the ensemble models slightly outperform individual classification models. Experimental evaluations show that our model can predict unseen malware with an accuracy rate of 0.998 and with a false positive rate of 0.002. The paper also includes a comparison between the performance of the proposed model and with different machine learning techniques. We are emphasizing the use of machine learning based approaches to replace conventional signature-based methods.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

Zelinka

Amer²

2019

mendel

View full text Add to dashboard Cite

show abstract

“…However, in contrast to our method, it is difficult to estimate the magnitude of the risk of the malicious code, because it is not accompanied by quantitative semantics and analysis of such MAs. B. Ndibanje [34] proposed a method for analyzing and detecting the API call sequence for MAs through obfuscation analysis and unpacking of malicious code. However, in contrast to the present study, that study mainly focused on ways to improve the detection accuracy; i.e., a potential risk analysis for various new strains of malicious code was not performed.…”

Section: Related Studiesmentioning

confidence: 99%

Decision-Making Method for Estimating Malware Risk Index

Kim

2019

Applied Sciences

View full text Add to dashboard Cite

Most recent cyberattacks have employed new and diverse malware. Various static and dynamic analysis methods are being introduced to detect and defend against these attacks. The malware that is detected by these methods includes advanced present threat (APT) attacks, which allow additional intervention by attackers. Such malware presents a variety of threats (DNS, C&C, Malicious IP, etc.) This threat information used to defend against variants of malicious attacks. However, the intelligence that is detected in this manner is used in the blocking policies of information-security systems. Consequently, it is difficult for staff who perform Computer Emergence Response Team security control to determine the extent to which cyberattacks such as malware are a potential threat. Additionally, it is difficult to use this intelligence to establish long-term defense strategies for specific APT attacks or implement intelligent internal security systems. Therefore, a decision-making model that identifies threat sources and malicious activities (MAs) that occur during the static and dynamic analysis of various types of collected malware and performs machine learning based on a quantitative analysis of these threat sources and activities is proposed herein. This model estimates malware risk indices (MRIs) in detail using an analytic hierarchy process to analyze malware and the probabilities of MAs. The analysis results were significant, as the consistency index of the estimated MRI values for 51300 types of malware, which were collected during a specific control period, was maintained at <0.051.

show abstract

“…Consequently, most of the available API-based malware detection approaches ignore the API arguments in their feature extraction techniques [14,16,25,36]. API-based malware detection has received significant attention from researchers [22,24,35,38,40,41,54]. In literature, API-based malware detection has made its advances during three distinct stages.…”

Section: Introductionmentioning

confidence: 99%