Abstract
As the internet environment has developed, threats and damage from malicious code are increasing day by day. Most of the damage is caused by new and variant malicious code that exploits endpoint vulnerabilities. Most anti-virus products used on endpoints run on a signature basis, and as malicious code becomes more sophisticated, the detection rate of existing anti-virus is declining. Therefore, a technology that can handle new and variant malicious code in real time on the endpoint is needed. In this paper, we present a method for analyzing the behavior of malicious code using behavioral analysis of the Windows kernel function call sequence.
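To make the contrast between signature matching and call-sequence behavior analysis concrete, the following added example (not code from the paper, and not its rule set) matches an ordered API call trace against behavior patterns expressed as subsequences. It assumes the per-process trace has already been captured (for instance by a filter driver) as an ordered list of API names; the trace contents and the pattern definitions are constructed for illustration. The point it shows is that padding or interleaving unrelated calls changes a hash-style signature but not the behavioral match.

```python
"""Toy behavior-sequence matcher over a captured Windows API call trace.

Added example, not the paper's code. Assumes the trace is an ordered
list of API names for one process; patterns are constructed illustrations.
"""
import hashlib

# Constructed behavior patterns: ordered subsequences of API calls that,
# taken together, describe a behavior rather than a specific binary.
PATTERNS = {
    "self_copy_and_persist": [
        "GetModuleFileNameW", "CopyFileW", "RegOpenKeyExW", "RegSetValueExW",
    ],
    "download_and_execute": [
        "InternetOpenW", "InternetOpenUrlW", "InternetReadFile",
        "CreateFileW", "WriteFile", "CreateProcessW",
    ],
    "remote_thread_injection": [
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
        "CreateRemoteThread",
    ],
}


def is_subsequence(pattern, trace):
    """True if every call in `pattern` appears in `trace` in that order,
    possibly with other calls in between (so padding does not evade it)."""
    it = iter(trace)
    return all(call in it for call in pattern)


def match_behaviors(trace, patterns=PATTERNS):
    """Return the sorted names of all behavior patterns found in the trace."""
    return sorted(name for name, pat in patterns.items() if is_subsequence(pat, trace))


def signature_hash(trace):
    """A static-style signature: hash of the exact call sequence. Any
    change to the sequence (e.g. inserted calls) yields a different value."""
    return hashlib.sha256("\n".join(trace).encode()).hexdigest()


# Constructed traces (not real captures).
ORIGINAL_TRACE = [
    "GetModuleFileNameW", "CopyFileW", "RegOpenKeyExW", "RegSetValueExW",
    "OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
    "CreateRemoteThread", "ExitProcess",
]

# A "variant": same behavior, but with unrelated calls interleaved so the
# exact sequence (and therefore its hash) differs from the original.
VARIANT_TRACE = [
    "Sleep", "GetTickCount", "GetModuleFileNameW", "IsDebuggerPresent",
    "CopyFileW", "Sleep", "RegOpenKeyExW", "RegSetValueExW", "GetTickCount",
    "OpenProcess", "Sleep", "VirtualAllocEx", "WriteProcessMemory",
    "Sleep", "CreateRemoteThread", "ExitProcess",
]

# A benign trace that reads a file and exits.
BENIGN_TRACE = ["CreateFileW", "ReadFile", "CloseHandle", "ExitProcess"]


def compare(original, variant):
    """Show why behavior matching survives a variant while a hash does not."""
    return {
        "hash_matches": signature_hash(original) == signature_hash(variant),
        "original_behaviors": match_behaviors(original),
        "variant_behaviors": match_behaviors(variant),
    }


if __name__ == "__main__":
    print(compare(ORIGINAL_TRACE, VARIANT_TRACE))
    print("benign:", match_behaviors(BENIGN_TRACE))
```

In a real pipeline the trace would come from the kernel-side capture the paper describes, and the patterns would be far richer (argument values, process lineage, timing); the subsequence matcher is only meant to show why reasoning over call order is more robust to variants than matching the exact sequence.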
Acknowledgments
This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2018-2016-0-00304) supervised by the IITP (Institute for Information & communications Technology Promotion).
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
Cite this paper
Shin, K., Won, Y. (2018). Study on Malicious Code Behavior Detection Using Windows Filter Driver and API Call Sequence. In: Park, J., Loia, V., Yi, G., Sung, Y. (eds) Advances in Computer Science and Ubiquitous Computing. CUTE CSA 2017 2017. Lecture Notes in Electrical Engineering, vol 474. Springer, Singapore. https://doi.org/10.1007/978-981-10-7605-3_149
DOI: https://doi.org/10.1007/978-981-10-7605-3_149
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-7604-6
Online ISBN: 978-981-10-7605-3
eBook Packages: Engineering (R0)