Improvement of malware detection and classification using API call sequence alignment and visualization

Kim, Hyun‐Joo; Kim, Jong-Hyun; Kim, Youngsoo; Kim, Ikkyun; Kim, Kuinam J.; Kim, Hyuncheol

doi:10.1007/s10586-017-1110-2

Cited by 49 publications

(15 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Second, the proposed system relies on the information derived from the source code to recognize malicious applications by retrieving the prominent application programming interface (API) calls requested by the malware. Numerous studies [9][10][11][12][13][14][15][16] have suggested that API calls can indicate malicious behavior and provide a detailed evaluation of the applications under investigation. Third, Term Frequency-Inverse Document Frequency (TF-IDF) was employed as a feature-weighting technique to reduce the importance of commonly requested features and increase the importance of rarely requested features.…”

Section: )mentioning

confidence: 99%

Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation

Alazab

2020

Electronics

View full text Add to dashboard Cite

Many Internet of Things (IoT) services are currently tracked and regulated via mobile devices, making them vulnerable to privacy attacks and exploitation by various malicious applications. Current solutions are unable to keep pace with the rapid growth of malware and are limited by low detection accuracy, long discovery time, complex implementation, and high computational costs associated with the processor speed, power, and memory. Therefore, an automated intelligence technique is necessary for detecting apps containing malware and effectively predicting cyberattacks in mobile marketplaces. In this study, a system for classifying mobile marketplaces applications using real-world datasets is proposed, which analyzes the source code to identify malicious apps. A rich feature set of application programming interface (API) calls is proposed to capture the regularities in apps containing malicious content. Two feature-selection methods—Chi-Square and ANOVA—were examined in conjunction with ten supervised machine-learning algorithms. The detection accuracy of each classifier was evaluated to identify the most reliable classifier for malware detection using various feature sets. Chi-Square was found to have a higher detection accuracy as compared to ANOVA. The proposed system achieved a detection accuracy of 98.1% with a classification time of 1.22 s. Furthermore, the proposed system required a reduced number of API calls (500 instead of 9000) to be incorporated as features.

show abstract

Section: )mentioning

confidence: 99%

Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation

Alazab

2020

Electronics

View full text Add to dashboard Cite

show abstract

“…Dynamic analysis extracts behavioral features such as system calls [18], instruction sequences, network activities, etc. Imran et al [19] presented a similarity-based malware classification system.…”

Section: A Classification Methods Without Feature Selectionmentioning

confidence: 99%

An Efficient Malware Detection System using Hybrid Feature Selection Methods

Roseline¹,

Geetha²

2019

IJEAT

View full text Add to dashboard Cite

Malware is a serious threat to individuals and users. The security researchers present various solutions, striving to achieve efficient malware detection. Malware attackers devise detection avoidance techniques to escape from detection systems. The key challenge is that growth of malware increases every hour, leading to large damages to users’ privacy. The training process takes much longer time, mining the unnecessary features. Feature Selection is effective in achieving unique feature set in detecting malware. In this paper, we propose a malware detection system using hybrid feature selection approach to detect malware efficiently with a reduced feature set. Machine learning based classification is performed on eight classifiers with two malware datasets. The experiments were done without and with feature selection. The empirical results show that the classification using selected feature set and XGB classifier identifies malware efficiently with an accuracy of 98.9% and 99.26% for the two datasets.

show abstract

“…Mohaisen et al [17] obtained file operations, CPU register operations, and network communication by executing the malware in a virtual machine, and classify malware based on machine learning algorithms. Liang et al [17] and Kim et al [18] extracted file operations, network activities, etc., and performed malware classification based on the similarity measures. These techniques improve the performance of malware detection, but they are still challenged by various countermeasures [5].…”

Section: Malware Detection Based On Dynamic Featuresmentioning

confidence: 99%

File Entropy Signal Analysis Combined With Wavelet Decomposition for Malware Classification

Guo

Huang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

With the rapid development of the Internet, malware variants have increased exponentially, which poses a key threat to cyber security. Persistent efforts have been made to classify malware variants, but there are still many challenges, including the incapacity to deal with various malware variants belonging to similar families, the problem of time and resource consuming, etc. This paper proposes a novel method, called Malware Entropy Sequences Reflect the Family (MESRF), to improve the classification of malware based on the entropy sequences features. In prior research, entropy demonstrated good performance in many areas. First, the global features of the signals were extracted from the entropy sequences by some statistical methods. Next, some local features (i.e. structural entropy features) are extracted based on the discrete wavelet decomposition algorithm and vectorized by the Bag-of-words model, endowing it the high accuracy of malware classification. To evaluate our method, we conducted numerous experiments on the malware datasets with more than 20,000 samples. Through experiments, MESRF showed superiority comparing with other malware classification models, and the accuracy and ROC of the method even could reach 99.83% and 99.98% respectively on the malimg dataset.

show abstract

Improvement of malware detection and classification using API call sequence alignment and visualization

Cited by 49 publications

References 3 publications

Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation

Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation

An Efficient Malware Detection System using Hybrid Feature Selection Methods

File Entropy Signal Analysis Combined With Wavelet Decomposition for Malware Classification

Contact Info

Product

Resources

About