
Malware Detection Using API Function Frequency with Ensemble Based Classifier

  • Conference paper
Security in Computing and Communications (SSCC 2013)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 377))

Abstract

Malicious code, known as malware, can steal information, damage the system or make system resources unavailable when executed. To safeguard information systems from malware, effective detection is a top-priority task. Malware exhibits malicious behaviours such as connecting to a remote host, downloading a file from a remote host and creating a file in the system directory. These behaviours can be mapped to the functions that malicious files import from the system's dynamic link libraries, i.e. application programming interface (API) functions. Hence, we propose a technique that detects malware by using API function frequency as the feature vector for classifying a file as malicious. We use an ensemble-based classifier for classification, as it is a proven stable and robust classification technique. Experiments are conducted over 200 files, and the technique classified malicious files effectively. Bagging in the ensemble classifier gives better results than ensemble boosting. A comparison with other known techniques is also listed.
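The following is an added illustration of the pipeline the abstract describes (API import list to frequency vector, then a bagging ensemble with majority vote); it is not the authors' code, and the six-file dataset, the API vocabulary and the nearest-centroid weak learner are constructed assumptions, not the paper's 200-file corpus or its base classifier.

```python
import random
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed toy dataset (assumption, not the paper's corpus): for each file, the
# API functions it imports from system DLLs and a label (1 = malicious, 0 = benign).
# The behaviours named in the abstract map to APIs: connecting/downloading ->
# InternetOpenA / URLDownloadToFileA, creating a file in the system directory ->
# GetSystemDirectoryA followed by CreateFileA / WriteFile.
SAMPLES: List[Tuple[List[str], int]] = [
    (["CreateFileA", "ReadFile", "CloseHandle", "MessageBoxA"], 0),
    (["CreateFileA", "ReadFile", "WriteFile", "CloseHandle"], 0),
    (["MessageBoxA", "GetModuleHandleA", "ReadFile", "CloseHandle"], 0),
    (["InternetOpenA", "URLDownloadToFileA", "WinExec", "GetSystemDirectoryA", "CreateFileA"], 1),
    (["InternetOpenA", "InternetOpenUrlA", "RegSetValueExA", "WinExec"], 1),
    (["URLDownloadToFileA", "GetSystemDirectoryA", "CreateFileA", "WriteFile", "RegSetValueExA"], 1),
]
VOCAB = sorted({api for calls, _ in SAMPLES for api in calls})

def frequency_vector(api_calls: Sequence[str], vocab: Sequence[str]) -> List[int]:
    """Feature vector: how often each vocabulary API occurs in one file's import list."""
    counts = Counter(api_calls)
    return [counts.get(api, 0) for api in vocab]

def fit_centroids(X: List[List[int]], y: List[int]) -> Dict[int, List[float]]:
    """Weak learner (assumed): per-class mean frequency vector (nearest centroid)."""
    centroids = {}
    for label in set(y):
        rows = [x for x, lab in zip(X, y) if lab == label]
        centroids[label] = [sum(col) / len(rows) for col in zip(*rows)]
    return centroids

def predict_centroid(centroids: Dict[int, List[float]], x: List[int]) -> int:
    dist = lambda c: sum((a - b) ** 2 for a, b in zip(x, c))
    return min(centroids, key=lambda label: dist(centroids[label]))

def train_bagging(X, y, n_models: int = 25, seed: int = 1):
    """Bagging: one weak learner per bootstrap resample (with replacement) of the training set."""
    rng = random.Random(seed)
    models = []
    for _ in range(n_models):
        idx = [rng.randrange(len(X)) for _ in X]
        models.append(fit_centroids([X[i] for i in idx], [y[i] for i in idx]))
    return models

def predict_bagging(models, x: List[int]) -> int:
    """Ensemble decision: majority vote over the bagged weak learners."""
    return Counter(predict_centroid(m, x) for m in models).most_common(1)[0][0]

def classify(api_calls: Sequence[str]) -> int:
    X = [frequency_vector(calls, VOCAB) for calls, _ in SAMPLES]
    y = [label for _, label in SAMPLES]
    return predict_bagging(train_bagging(X, y), frequency_vector(api_calls, VOCAB))
```

APIs absent from the vocabulary are ignored at prediction time, so a real deployment would build the vocabulary from a far larger and more varied training set than this toy one.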



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Natani, P., Vidyarthi, D. (2013). Malware Detection Using API Function Frequency with Ensemble Based Classifier. In: Thampi, S.M., Atrey, P.K., Fan, CI., Perez, G.M. (eds) Security in Computing and Communications. SSCC 2013. Communications in Computer and Information Science, vol 377. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40576-1_37

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40576-1_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40575-4

  • Online ISBN: 978-3-642-40576-1
