Malware detection based on mining API calls

Sami, Ashkan; Yadegari, Babak; Rahimi, Habibollah; Peiravian, Naser; Hashemi, Sattar; Hamze, Ali

doi:10.1145/1774088.1774303

Cited by 134 publications

(71 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The level of the access to user's data depends on vulnerability level or category [14]. Whole dataset is divided into three categories which are: I.…”

Section: Resultsmentioning

confidence: 99%

“…But API usability will automatically improve if security issues can be resolved. Some paper propose new security layer for a specific device only but they didn't talk about API design policy [3], [10], [14]. Any security issues network, computers, servers or databases are responsible for representing security risks that can be exploited by hackers to gain access to system information [4].…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

API vulnerabilities: current status and dependencies

Bhuiyan¹,

Begum²,

Rahman³

et al. 2018

IJET

View full text Add to dashboard Cite

Recently API (Application Programming Interface) is becoming more popular for developers. When software is designed, most of the time, developers need to use APIs to manage a specific task. Developers use various kinds of APIs. Some of them are built by themselves and some are used from public APIs. API is a set of functions and procedures that allows another program or application to get access to features or data. Public APIs are open in public networks; developers collect these APIs depending on their specific needs. Developers need to interact with other software, as a result, a developer can conduct specific task without authorization to access the entirety of the software. It definitely reduces our loads at the same time introduces risks. In the end every developer wants to ensure security to his/her application. Commonly used public APIs are not enough secure to provide security to confidential data. We focused on these public APIs that are commonly used by developers. We tested a set of public APIs in our security lab and we have found many vulnerabilities that are highly alarming for developers who are going to use these API. In this paper we have tried to introduce the current status of vulnerable APIs. Moreover, several relationships exist between API vulnerabilities. In this paper we have also discussed the dependencies and relationships between API vulnerabilities.

show abstract

“…The level of the access to user's data depends on vulnerability level or category [14]. Whole dataset is divided into three categories which are: I.…”

Section: Resultsmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

API vulnerabilities: current status and dependencies

Bhuiyan¹,

Begum²,

Rahman³

et al. 2018

IJET

View full text Add to dashboard Cite

show abstract

“…The classification method of malware by Sami et al [14] extracts only the frequent API sequences from a large number of APIs used in their evaluation. These APIs are divided into the function categories defined by Microsoft Developer Network [12], thereby, feature vector is reduced from 44,605 to 95 dimensions.…”

Section: Classification Methods Of Malwarementioning

confidence: 99%

“…Furthermore, in order to improve the classification accuracy of malware, they have chosen 4 dimensions by high Fisher score. However, the unpacking method in this method [14] cannot deal with handmade packers and the extracted APIs are numerous, so this method is unpractical.…”

Section: Classification Methods Of Malwarementioning

confidence: 99%

See 1 more Smart Citation

Malware Function Estimation Using API in Initial Behavior

Kawaguchi

Omote

2017

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

SUMMARY Malware proliferation has become a serious threat to the Internet in recent years. Most current malware are subspecies of existing malware that have been automatically generated by illegal tools. To conduct an efficient analysis of malware, estimating their functions in advance is effective when we give priority to analyze malware. However, estimating the malware functions has been difficult due to the increasing sophistication of malware. Actually, the previous researches do not estimate the functions of malware sufficiently. In this paper, we propose a new method which estimates the functions of unknown malware from APIs or categories observed by dynamic analysis on a host. We examine whether the proposed method can correctly estimate the malware functions by the supervised machine learning techniques. The results show that our new method can estimate the malware functions with the average accuracy of 83.4% using API information.

show abstract

Ransomware detection using machine learning algorithms

Bae

Lee

2019

Concurrency and Computation

View full text Add to dashboard Cite

Summary The number of ransomware variants has increased rapidly every year, and ransomware needs to be distinguished from the other types of malware to protect users' machines from ransomware‐based attacks. Ransomware is similar to other types of malware in some aspects, but other characteristics are clearly different. For example, ransomware generally conducts a large number of file‐related operations in a short period of time to lock or to encrypt files of a victim's machine. The signature‐based malware detection methods, which have difficulties to detect zero‐day ransomware, are not suitable to protect users' files against the attacks caused by risky unknown ransomware. Therefore, a new protection mechanism specialized for ransomware is needed, and the mechanism should focus on ransomware‐specific operations to distinguish ransomware from other types of malware as well as benign files. This paper proposes a ransomware detection method that can distinguish between ransomware and benign files as well as between ransomware and malware. The experimental results show that our proposed method can detect ransomware among malware and benign files.

show abstract

Malware detection based on mining API calls

Cited by 134 publications

References 10 publications

API vulnerabilities: current status and dependencies

API vulnerabilities: current status and dependencies

Malware Function Estimation Using API in Initial Behavior

Ransomware detection using machine learning algorithms

Contact Info

Product

Resources

About