A Dynamic Malware Detection Approach by Mining the Frequency of API Calls

Abstract:

Dynamic detection based on software behavior is an efficient and effective approach for anti-virus technology. Malware and benign executables differ mainly in how they implement certain special behaviors related to propagation and destruction. A program's execution flow is essentially equivalent to its stream of API calls. Analyzing the frequency of API calls across six kinds of behaviors simultaneously differentiates malicious from benign executables very well. This paper proposes a dynamic malware detection approach that mines the frequency of sensitive native API calls and describes experiments conducted against recent Win32 malware. Experimental results indicate that the detection rate of the proposed method is 98% and its AUC is 0.981. Furthermore, the proposed method can identify both known and unknown malware.
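As an added illustration (not code from the paper, whose implementation is not given in this abstract), the following Python script turns a dynamic API-call trace into a per-behavior frequency vector, trains a nearest-centroid classifier on constructed traces, and reports detection rate, false-positive rate and AUC on a constructed hold-out set. The six behavior categories, the API-to-category mapping, the nearest-centroid classifier and every trace are assumptions made for the example: the abstract names neither the paper's six behaviors nor its classifier, and the numbers this toy produces are unrelated to the 98% / 0.981 reported above.

```python
"""Added example: API-call frequency features for behaviour-based detection.
Not the paper's code. Categories, API mapping, classifier and traces are
constructed for illustration only."""
from collections import Counter
import math

# Assumed grouping of monitored Win32/native API names into six behaviour
# categories (the abstract mentions six behaviours without naming them).
BEHAVIOURS = {
    "file":     {"CreateFileW", "WriteFile", "DeleteFileW", "CopyFileW"},
    "registry": {"RegOpenKeyExW", "RegSetValueExW", "RegCreateKeyExW"},
    "process":  {"CreateProcessW", "OpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
    "network":  {"socket", "connect", "send", "InternetOpenUrlW"},
    "service":  {"OpenSCManagerW", "CreateServiceW", "StartServiceW"},
    "memory":   {"VirtualAlloc", "VirtualProtect", "LoadLibraryW", "GetProcAddress"},
}
CATEGORIES = sorted(BEHAVIOURS)          # fixed feature order
API_TO_CATEGORY = {api: cat for cat, apis in BEHAVIOURS.items() for api in apis}


def frequency_vector(trace):
    """Relative frequency of each behaviour category in one API-call trace.
    Calls outside the monitored set are ignored; no monitored calls -> zero vector."""
    counts = Counter(API_TO_CATEGORY[api] for api in trace if api in API_TO_CATEGORY)
    total = sum(counts.values())
    if total == 0:
        return [0.0] * len(CATEGORIES)
    return [counts[c] / total for c in CATEGORIES]


def _distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def train_centroids(samples):
    """samples: iterable of (trace, label) with label 1 = malware, 0 = benign.
    Returns {label: mean frequency vector} (a nearest-centroid model)."""
    sums = {0: [0.0] * len(CATEGORIES), 1: [0.0] * len(CATEGORIES)}
    counts = {0: 0, 1: 0}
    for trace, label in samples:
        for i, x in enumerate(frequency_vector(trace)):
            sums[label][i] += x
        counts[label] += 1
    return {label: [x / counts[label] for x in sums[label]] for label in sums}


def malware_score(model, trace):
    """Score in [0, 1]: closeness to the malware centroid relative to the benign one.
    A trace touching none of the monitored APIs gives the model nothing to judge
    (possibly a sample that stayed dormant in the sandbox), so it is reported as
    0.5 'undecided' rather than silently scored as clean."""
    vec = frequency_vector(trace)
    if not any(vec):
        return 0.5
    d_mal, d_ben = _distance(vec, model[1]), _distance(vec, model[0])
    if d_mal + d_ben == 0.0:
        return 0.5
    return d_ben / (d_mal + d_ben)


def classify(model, trace, threshold=0.5):
    return int(malware_score(model, trace) >= threshold)


def auc(labels, scores):
    """ROC AUC in its pairwise (Mann-Whitney) form: the fraction of
    (malware, benign) pairs where the malware sample scores higher; ties count 0.5."""
    pos = [s for s, l in zip(scores, labels) if l == 1]
    neg = [s for s, l in zip(scores, labels) if l == 0]
    total = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return total / (len(pos) * len(neg))


def evaluate(model, samples, threshold=0.5):
    """Returns (detection rate, false-positive rate, AUC) over labelled samples."""
    labels = [label for _, label in samples]
    scores = [malware_score(model, trace) for trace, _ in samples]
    preds = [int(s >= threshold) for s in scores]
    tp = sum(1 for p, l in zip(preds, labels) if p == 1 and l == 1)
    fp = sum(1 for p, l in zip(preds, labels) if p == 1 and l == 0)
    return tp / labels.count(1), fp / labels.count(0), auc(labels, scores)


# Constructed traces (not real samples). label 1 = malware, 0 = benign.
TRAINING = [
    (["CreateFileW", "WriteFile", "CreateFileW", "RegOpenKeyExW", "LoadLibraryW", "GetProcAddress"], 0),
    (["CreateFileW", "CreateFileW", "WriteFile", "WriteFile", "LoadLibraryW", "RegOpenKeyExW", "socket", "connect"], 0),
    (["OpenProcess", "VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread", "RegSetValueExW", "connect", "send"], 1),
    (["CopyFileW", "RegCreateKeyExW", "RegSetValueExW", "CreateServiceW", "StartServiceW", "socket", "connect", "send", "CreateProcessW"], 1),
]
HOLDOUT = [
    (["OpenProcess", "WriteProcessMemory", "CreateRemoteThread", "RegSetValueExW", "CreateServiceW", "connect"], 1),
    (["CreateFileW", "WriteFile", "WriteFile", "RegOpenKeyExW", "LoadLibraryW"], 0),
    # network-heavy benign updater: will be a false positive for this tiny model
    (["CreateFileW", "WriteFile", "InternetOpenUrlW", "socket", "connect", "send", "CreateProcessW"], 0),
    # file/registry-only dropper: will be a miss for this tiny model
    (["CreateFileW", "WriteFile", "CreateProcessW", "RegSetValueExW", "RegCreateKeyExW"], 1),
]

if __name__ == "__main__":
    model = train_centroids(TRAINING)
    for trace, label in HOLDOUT:
        print(label, round(malware_score(model, trace), 3), classify(model, trace))
    print("detection rate, FPR, AUC:", evaluate(model, HOLDOUT))
```

On the constructed hold-out set the model flags the injection-style trace and clears the plain file-writer, but it also flags the network-heavy updater and misses the file/registry-only dropper (AUC 0.75 at a 0.5 threshold). That is the practical point of a frequency-based detector: the category mapping and the operating threshold decide both the false-positive rate on legitimate software and the miss rate on quiet samples, and a trace with no monitored calls should be surfaced as undecided rather than counted as a clean verdict.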

Pages: 309-312

Online since: February 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved
