Malware Analysis using Multiple API Sequence Mining Control Flow Graph
نویسندگان
چکیده
Malwares are becoming persistent by creating fulledged variants of the same or different family. Malwares belonging to same family share same characteristics in their functionality of spreading infections into the victim computer. These similar characteristics among malware families can be taken as a measure for creating a solution that can help in the detection of the malware belonging to particular family. In our approach we have taken the advantage of detecting these malware families by creating the database of these characteristics in the form of n-grams of API sequences. We use various similarity score methods and also extract multiple API sequences to analyze malware effectively.
منابع مشابه
A Graph Mining Approach for Detecting Metamorphic Malwares
Metamorphic malware changes the syntax of its code in each infection. This process makes it extremely hard to detect. While the byte sequence of the metamorphic malware may be quite different from its parent, the main functionality of the malware has to stay the same. Therefore, traditional methods based on static signature detection cannot detect such malwares, and need to be designed semantic...
متن کاملMining CFG as API Call-grams to Detect Portable Executable Malware
Malware writers use evasion techniques like code obfuscation, packing, compression to conceal from Anti-Virus (AV) scanners as AV use syntactic signature to detect a known malware. Our detection approach is based on semantic aspect of PE executable that analyzes API Call-grams to detect unknown malicious code. Static analysis covers all the paths of code which is not possible with dynamic behav...
متن کاملEureka: A Framework for Enabling Static Malware Analysis
We introduce Eureka, a framework for enabling static analysis on Internet malware binaries. Eureka incorporates a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing. The Eureka framework uniquely distinguishes itself from prior work by providing effective evaluation metrics and techniques to assess the quality of the produced unpacked code....
متن کاملMalware Detection using Windows API Sequence and Machine Learning
Monitoring the behavior of program execution at run-time is widely used to differentiate benign and malicious processes executing in the host computer. Most of the existing run-time malware detection methods use the information available in Windows Application Programming Interface (API) calls. The proposed malware detection system uses the Windows API call sequence. A 3rd order Markov chain (i...
متن کاملMetamorphic Malware Detection using Control Flow Graph Mining
Metamorphic malware propagation has persuaded the security society to consider about new approaches to confront this generation of malware with novel solutions. Control Flow Graph, CFG, has been successful in detection of simple malwares. By now, it needs to improve the CFG based detection methods to detect metamorphic malwares efficiently. Our Approach has improved the simple CFG with benefici...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- CoRR
دوره abs/1707.02691 شماره
صفحات -
تاریخ انتشار 2017