Abstract
Malware variants are developed and spread across the Internet, and the number of new malware variants increases every year. Recently, malware has been applying obfuscation and mutation techniques to hide its presence, and malware variants are produced with various automated tools that transform the properties of existing malware to evade static-analysis-based malware detection systems. Such obfuscated malware is difficult to detect with static signatures, so we have designed a detection system based on dynamic analysis. In this paper, we propose a dynamic-analysis-based system that uses API invocation sequences to compare the behavior of suspicious software with the behavior of known malware.
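The abstract describes comparing a suspicious sample's API invocation sequence against the sequences of known malware. As an added illustration (not the paper's own code or scoring), the following block applies the Smith-Waterman local alignment algorithm, which the paper cites, to two constructed API-call traces; the match/mismatch/gap weights and the normalisation to [0, 1] are assumptions chosen for this example.

```python
# Added example, not from the paper: Smith-Waterman local alignment of two
# API-call sequences, scoring how much of a suspect trace matches a known
# malware trace. Weights and normalisation are assumptions for this example.

MATCH, MISMATCH, GAP = 2, -1, -1

def smith_waterman(seq_a, seq_b):
    """Return (best_score, aligned_a, aligned_b) for the best local alignment."""
    n, m = len(seq_a), len(seq_b)
    h = [[0] * (m + 1) for _ in range(n + 1)]
    best, best_pos = 0, (0, 0)
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            diag = h[i-1][j-1] + (MATCH if seq_a[i-1] == seq_b[j-1] else MISMATCH)
            h[i][j] = max(0, diag, h[i-1][j] + GAP, h[i][j-1] + GAP)
            if h[i][j] > best:
                best, best_pos = h[i][j], (i, j)
    # Trace back from the best cell until a zero cell is reached.
    i, j = best_pos
    al_a, al_b = [], []
    while i > 0 and j > 0 and h[i][j] > 0:
        step = MATCH if seq_a[i-1] == seq_b[j-1] else MISMATCH
        if h[i][j] == h[i-1][j-1] + step:      # both calls aligned
            al_a.append(seq_a[i-1]); al_b.append(seq_b[j-1]); i -= 1; j -= 1
        elif h[i][j] == h[i-1][j] + GAP:       # call in A, gap in B
            al_a.append(seq_a[i-1]); al_b.append("-"); i -= 1
        else:                                  # gap in A, call in B
            al_a.append("-"); al_b.append(seq_b[j-1]); j -= 1
    return best, al_a[::-1], al_b[::-1]

def similarity(seq_a, seq_b):
    """Normalise the score by a perfect match of the shorter trace (assumption)."""
    score, _, _ = smith_waterman(seq_a, seq_b)
    return score / (MATCH * min(len(seq_a), len(seq_b)))

# Constructed sample traces (API names only, as a sandbox log would record them).
KNOWN_MALWARE = ["CreateFileW", "WriteFile", "RegOpenKeyExW", "RegSetValueExW",
                 "CreateProcessW", "WinExec"]
SUSPECT = ["GetModuleHandleW", "CreateFileW", "WriteFile", "RegOpenKeyExW",
           "Sleep", "RegSetValueExW", "CreateProcessW"]
BENIGN = ["GetModuleHandleW", "LoadLibraryW", "GetProcAddress", "MessageBoxW"]

if __name__ == "__main__":
    score, a, b = smith_waterman(KNOWN_MALWARE, SUSPECT)
    print(score, similarity(KNOWN_MALWARE, SUSPECT), similarity(KNOWN_MALWARE, BENIGN))
    print(" ".join(a)); print(" ".join(b))
```

The inserted "Sleep" call costs only one gap penalty, so the suspect still scores 0.75 against the known trace while the benign trace scores 0.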
Acknowledgments
This research was supported by the Next-Generation Information Computing Development Program through the National Research Foundation of Korea (NRF), funded by the Ministry of Science, ICT & Future Planning (2011-0029923).
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (http://creativecommons.org/licenses/by-nc/2.5/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2015 Springer International Publishing Switzerland
Cite this paper
Shim, Y.J., Kim, T., Im, E.G. (2015). A Study on Similarity Calculation Method for API Invocation Sequences. In: Ciucci, D., Wang, G., Mitra, S., Wu, WZ. (eds) Rough Sets and Knowledge Technology. RSKT 2015. Lecture Notes in Computer Science(), vol 9436. Springer, Cham. https://doi.org/10.1007/978-3-319-25754-9_43
DOI: https://doi.org/10.1007/978-3-319-25754-9_43
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25753-2
Online ISBN: 978-3-319-25754-9