Mining CFG as API Call-grams to Detect Portable Executable Malware

Authors

  • Parvez Faruki
  • Vijay Laxmi
  • M. S. Gaur
Abstract

Malware writers use evasion techniques such as code obfuscation, packing and compression to hide from Anti-Virus (AV) scanners, because AV scanners rely on syntactic signatures to detect known malware. Our detection approach is based on the semantic aspect of a PE executable: it analyzes API Call-grams to detect unknown malicious code. Static analysis covers all code paths, which is not possible with dynamic behavioral methods, since the latter do not guarantee that every path of the analyzed sample is executed. Modern malicious samples also detect controlled virtual and emulated environments and stop functioning. Samples are analyzed by generating an API Call graph from the Control Flow Graph (CFG) of the executable. The Call graph is represented as Call-grams to detect malicious files.
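The pipeline the abstract describes (CFG, API call sequence along each path, n-grams over those calls, comparison against mined patterns) can be illustrated with a small script. The code below is an added example, not the authors' implementation: it assumes the CFG has already been recovered by a disassembler and that each basic block is annotated with the imported API names it calls (resolved from the PE import table), both of which are hand-constructed here. The "suspicious" call-gram set is likewise a constructed stand-in for a mined model, not the paper's signatures. One caveat the abstract's own framing implies: on a packed sample the static CFG covers only the unpacking stub, so the call-grams describe the stub rather than the payload unless the sample is unpacked first.

```python
"""API call-gram extraction from a control-flow graph (illustrative example).

Assumptions (not from the paper): a CFG is a dict keyed by basic-block address,
each block listing its API calls in order and its successor addresses. Call-grams
are n-grams over the API-call sequence observed along each path from the entry
block. All sample graphs and the 'model' below are constructed by hand.
"""
from collections import Counter


def walk_paths(cfg, entry, max_depth=32):
    """Enumerate acyclic paths (lists of block addresses) from entry over CFG edges.
    Back edges to a block already on the current path are cut, so loops do not
    produce infinite paths; max_depth bounds path length on large graphs."""
    paths = []

    def dfs(block, path):
        path.append(block)
        succs = [s for s in cfg[block]["succ"] if s not in path]
        if not succs or len(path) >= max_depth:
            paths.append(list(path))
        else:
            for s in succs:
                dfs(s, path)
        path.pop()

    dfs(entry, [])
    return paths


def api_sequences(cfg, entry):
    """Flatten each CFG path into the ordered list of API calls made along it."""
    return [[api for b in p for api in cfg[b]["calls"]] for p in walk_paths(cfg, entry)]


def call_grams(cfg, entry, n=2):
    """Count n-grams ('call-grams') of API names over all paths. Paths that share a
    prefix count its grams once per path; use set(call_grams(...)) if only
    presence matters."""
    grams = Counter()
    for seq in api_sequences(cfg, entry):
        for i in range(len(seq) - n + 1):
            grams[tuple(seq[i:i + n])] += 1
    return grams


# Constructed stand-in for a mined model: bigrams typical of process injection.
# Illustrative only; a real model would be learned from labelled samples.
SUSPICIOUS_GRAMS = {
    ("VirtualAllocEx", "WriteProcessMemory"),
    ("WriteProcessMemory", "CreateRemoteThread"),
}


def score(cfg, entry, n=2, model=SUSPICIOUS_GRAMS):
    """Fraction of the sample's distinct call-grams that appear in the model."""
    grams = set(call_grams(cfg, entry, n))
    if not grams:
        return 0.0
    return len(grams & model) / len(grams)


# Constructed sample CFGs; addresses and calls are made up for illustration.
# Block 0x401000 branches: one path performs the injection, the other exits early.
SAMPLE_INJECTOR = {
    0x401000: {"calls": ["OpenProcess"], "succ": [0x401020, 0x401060]},
    0x401020: {"calls": ["VirtualAllocEx", "WriteProcessMemory"], "succ": [0x401040]},
    0x401040: {"calls": ["CreateRemoteThread"], "succ": [0x401060]},
    0x401060: {"calls": ["CloseHandle", "ExitProcess"], "succ": []},
}
# The ReadFile block loops on itself; walk_paths cuts the back edge.
SAMPLE_BENIGN = {
    0x401000: {"calls": ["GetModuleHandleA"], "succ": [0x401020, 0x401040]},
    0x401020: {"calls": ["CreateFileA", "ReadFile"], "succ": [0x401020, 0x401040]},
    0x401040: {"calls": ["CloseHandle", "ExitProcess"], "succ": []},
}

if __name__ == "__main__":
    for name, cfg in (("injector", SAMPLE_INJECTOR), ("benign", SAMPLE_BENIGN)):
        print(name, len(walk_paths(cfg, 0x401000)), "paths, score", round(score(cfg, 0x401000), 3))
        for gram, count in sorted(call_grams(cfg, 0x401000).items()):
            print("   ", " -> ".join(gram), count)
```

The path enumeration is what gives the static approach its coverage advantage over a sandbox run: both branches of the injector graph contribute call-grams even though a single execution would take only one of them. Path-weighted counts also mean a gram in a shared prefix is counted once per path through it, which is why (CloseHandle, ExitProcess) appears twice for each sample.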


Similar resources

Malware Detection using Windows API Sequence and Machine Learning

Monitoring the behavior of program execution at run-time is widely used to differentiate benign and malicious processes executing on the host computer. Most existing run-time malware detection methods use the information available in Windows Application Programming Interface (API) calls. The proposed malware detection system uses the Windows API call sequence. A 3rd order Markov chain (i...


DyVSoR: dynamic malware detection based on extracting patterns from value sets of registers

To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. The obfuscation and polymorphism employed by malware make it difficult for signature-based systems to detect sophisticated malware files. Dynamic analysis of run-time behavior provides a better technique to identify the threat. In t...


A Novel Data Mining Method for Malware Detection

Losses caused by malware are irrecoverable. Detection of malicious activity is the greatest challenge in the security of computing systems, because current malicious executables use sophisticated polymorphism and metamorphism techniques. This makes it difficult for analysts to investigate their code statically. In this paper, we present a data mining approach to predict executable behavior. We provid...


Using Fuzzy Pattern Recognition to Detect Unknown Malicious Executables Code

An intelligent detection system for recognizing unknown computer viruses is proposed. Using a method based on a fuzzy pattern recognition algorithm, a malicious executable code detection network model is also designed. This model targets Win32 binary viruses on the Intel IA32 architecture. It can detect known and unknown malicious code by analyzing their behavior. We gathered 423 benign and 209 mali...


DL4MD: A Deep Learning Framework for Intelligent Malware Detection

In the Internet age, malware poses a serious and evolving threat to security, making the detection of malware of utmost concern. Many research efforts have addressed intelligent malware detection by applying data mining and machine learning techniques. Though great results have been obtained with these methods, most of them are built on shallow learning architectures, which are still so...



Journal title:

Volume   Issue

Pages  -

Publication date: 2012