Study on Malicious Code Behavior Detection Using Windows Filter Driver and API Call Sequence

  • Kangsik Shin
  • Yoojae Won
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 474)

Abstract

As the Internet environment has developed, threats and damage from malicious code are increasing day by day. Most of the damage is caused by new and variant malicious code that exploits weaknesses of the endpoint. Most anti-virus products used on endpoints run on a signature basis, and as malicious code becomes more sophisticated, the detection rate of existing anti-virus products is declining. Therefore, a technology is needed that can handle new and variant malicious code in real time on the endpoint. In this paper, we present a method for detecting malicious code through behavioral analysis of its Windows kernel function call sequence, collected with a Windows filter driver.
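As an added example, not code from the paper: once a filter driver or hook has recorded each process's API calls, the detection side reduces to matching each process's call trace against ordered behavior rules, where other calls may be interleaved but the distance between consecutive rule steps is bounded. The rule names, API call lists, gap limits and the event trace below are constructed for illustration and are assumptions, not the paper's rule set.

```python
"""Ordered API-call-sequence matching over per-process call traces.

Added example (not code from the paper).  It models the analysis step a
behavior-detection engine performs after a kernel-side hook or filter
driver has logged (pid, api_name) events.  Rules, API names and the
sample trace are constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed behavior rules: an ordered list of API calls that must occur
# in this order (other calls may be interleaved), with at most `max_gap`
# unrelated calls between two consecutive matched steps.
RULES: Dict[str, Tuple[List[str], int]] = {
    "self_copy_and_persist": (
        ["GetModuleFileNameW", "CopyFileW", "RegSetValueExW"], 20),
    "inject_remote_thread": (
        ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
         "CreateRemoteThread"], 10),
}


def match_rule(trace: List[str], pattern: List[str], max_gap: int) -> bool:
    """True if `pattern` occurs in `trace` as an ordered subsequence with at
    most `max_gap` calls between consecutive matched steps.

    best[i] holds the latest trace index at which pattern[:i+1] has been
    completed.  Keeping the latest position is optimal: a later end point
    can only make the next gap constraint easier to satisfy, so no
    backtracking is needed (unlike a greedy first-match scan)."""
    n = len(pattern)
    best: List[Optional[int]] = [None] * n
    for pos, call in enumerate(trace):
        # Walk the pattern backwards so one call fills at most one slot.
        for i in range(n - 1, -1, -1):
            if call != pattern[i]:
                continue
            if i == 0:
                best[0] = pos
            elif best[i - 1] is not None and pos - best[i - 1] - 1 <= max_gap:
                best[i] = pos
        if best[n - 1] is not None:
            return True
    return False


def detect(events: List[Tuple[int, str]]) -> Dict[int, List[str]]:
    """Group (pid, api) events by process and return the rules each
    process triggered, in rule-definition order."""
    traces: Dict[int, List[str]] = defaultdict(list)
    for pid, api in events:
        traces[pid].append(api)
    hits: Dict[int, List[str]] = {}
    for pid, trace in traces.items():
        fired = [name for name, (pat, gap) in RULES.items()
                 if match_rule(trace, pat, gap)]
        if fired:
            hits[pid] = fired
    return hits


# Constructed sample trace, as a hook or filter driver might have logged it.
SAMPLE_EVENTS: List[Tuple[int, str]] = (
    # pid 1234: ordinary file access, should not fire anything
    [(1234, "CreateFileW"), (1234, "ReadFile"), (1234, "CloseHandle")]
    # pid 4321: copies itself, sets a Run key, then injects into a process
    + [(4321, a) for a in [
        "GetModuleFileNameW", "CreateFileW", "CopyFileW", "CloseHandle",
        "RegOpenKeyExW", "RegSetValueExW", "RegCloseKey",
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
        "CreateRemoteThread"]]
    # pid 777: same injection calls, but OpenProcess is too far from the
    # rest (12 unrelated calls > max_gap of 10), so the rule stays silent
    + [(777, "OpenProcess")] + [(777, "ReadFile")] * 12
    + [(777, a) for a in ["VirtualAllocEx", "WriteProcessMemory",
                          "CreateRemoteThread"]]
)

if __name__ == "__main__":
    for pid, fired in detect(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(fired)}")
```

The gap bound is what makes this a context-based check rather than a bag-of-APIs signature: the same four injection calls spread across an unrelated workload (pid 777) do not fire, while the contiguous sequence (pid 4321) does. In practice the window would be tuned per rule from observed benign traces, and the trace would be fed incrementally from the driver rather than batched.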

Keywords

System security, Kernel, System API hooking, Context based analysis, Process

Notes

Acknowledgments

This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2018-2016-0-00304) supervised by the IITP (Institute for Information & communications Technology Promotion).

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

Department of Computer Science Engineering, Chungnam National University, Daejeon, South Korea