A novel approach to detect malware based on API call sequence analysis

Youngjoon Ki, Eunjin Kim, Huy Kang Kim

Research output: Contribution to journal › Article

57 Citations (Scopus)

Abstract

In the era of ubiquitous sensors and smart devices, detecting malware is becoming an endless battle between ever-evolving malware and antivirus programs that need to process ever-increasing security-related data. For malware detection, various approaches have been proposed. Among them, dynamic analysis is known to be effective in terms of providing behavioral information. As malware authors increasingly use obfuscation techniques, it becomes more important to monitor how malware behaves in order to detect it. In this paper, we propose a novel approach for dynamic analysis of malware. We adopt DNA sequence alignment algorithms and extract common API call sequence patterns of malicious functions from malware in different categories. We find that certain malicious functions are commonly included in malware even across different categories. By checking for the existence of certain functions or matched API call sequence patterns, we can even detect new, unknown malware. The results of our experiment show sufficiently high F-measure and accuracy. API call sequences can be extracted from most modern devices; therefore, we believe that our method can detect malware on all types of ubiquitous devices.
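The abstract describes borrowing DNA sequence alignment to extract API call sequence patterns that recur across malware of different categories, then matching unknown samples against those patterns. The Python below is an added illustration of that idea written for this page; it is not the authors' implementation and uses none of their data. It treats each API call name as one symbol of the alphabet, runs Smith-Waterman local alignment between traces, takes the consensus of the aligned region as a candidate pattern, keeps only patterns shared between samples of different categories, and scores an unknown trace by its normalised alignment score against the pattern set. The traces, category labels, scoring parameters and detection threshold are all constructed assumptions for the example.

```python
"""Alignment-based API call sequence signatures (added illustration, not the
paper's code). Every trace below is a constructed toy example."""

from itertools import combinations
from typing import Dict, List, Optional, Sequence, Set, Tuple

Trace = Sequence[str]
Pattern = Tuple[str, ...]
Column = Tuple[Optional[str], Optional[str]]


def smith_waterman(a: Trace, b: Trace, match: int = 2, mismatch: int = -1,
                   gap: int = -1) -> Tuple[int, List[Column]]:
    """Local alignment of two API call traces; one symbol is one API call.

    Returns the best local score and the aligned columns (None marks a gap).
    """
    n, m = len(a), len(b)
    H = [[0] * (m + 1) for _ in range(n + 1)]
    best, best_pos = 0, (0, 0)
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            sub = match if a[i - 1] == b[j - 1] else mismatch
            H[i][j] = max(0, H[i - 1][j - 1] + sub,
                          H[i - 1][j] + gap, H[i][j - 1] + gap)
            if H[i][j] > best:
                best, best_pos = H[i][j], (i, j)
    # Trace back from the best-scoring cell until the local score drops to 0.
    i, j = best_pos
    cols: List[Column] = []
    while i > 0 and j > 0 and H[i][j] > 0:
        sub = match if a[i - 1] == b[j - 1] else mismatch
        if H[i][j] == H[i - 1][j - 1] + sub:
            cols.append((a[i - 1], b[j - 1])); i -= 1; j -= 1
        elif H[i][j] == H[i - 1][j] + gap:
            cols.append((a[i - 1], None)); i -= 1
        else:
            cols.append((None, b[j - 1])); j -= 1
    cols.reverse()
    return best, cols


def common_pattern(a: Trace, b: Trace) -> Pattern:
    """Consensus of the aligned region: the calls both traces share, in order."""
    _, cols = smith_waterman(a, b)
    return tuple(x for x, y in cols if x is not None and x == y)


def build_signatures(traces_by_category: Dict[str, List[Trace]],
                     min_len: int = 3) -> Set[Pattern]:
    """Align every pair of traces from *different* categories and keep the
    shared patterns; min_len drops short coincidental overlaps (e.g. two
    samples that merely both call CreateProcessW then send)."""
    labelled = [(c, t) for c, ts in traces_by_category.items() for t in ts]
    sigs: Set[Pattern] = set()
    for (cat_a, ta), (cat_b, tb) in combinations(labelled, 2):
        if cat_a == cat_b:
            continue
        pat = common_pattern(ta, tb)
        if len(pat) >= min_len:
            sigs.add(pat)
    return sigs


def score_trace(trace: Trace, signatures: Set[Pattern],
                match: int = 2) -> Tuple[float, Optional[Pattern]]:
    """Best alignment score against any signature, normalised to [0, 1] by the
    score of a perfect gap-free match of that signature."""
    best, best_sig = 0.0, None
    for sig in signatures:
        raw, _ = smith_waterman(sig, trace, match=match)
        norm = raw / (len(sig) * match)
        if norm > best:
            best, best_sig = norm, sig
    return best, best_sig


def is_malicious(trace: Trace, signatures: Set[Pattern],
                 threshold: float = 0.6) -> bool:
    """Threshold is a constructed choice; the paper's evaluation would set it."""
    return score_trace(trace, signatures)[0] >= threshold


# Constructed toy training traces (hypothetical; not the paper's dataset).
TRAINING: Dict[str, List[Trace]] = {
    "trojan":   [["RegOpenKeyExW", "RegQueryValueExW", "GetTempPathW", "CreateFileW",
                  "WriteFile", "CloseHandle", "CreateProcessW", "ExitProcess"]],
    "worm":     [["socket", "connect", "recv", "GetTempPathW", "CreateFileW",
                  "WriteFile", "CloseHandle", "CreateProcessW", "send"]],
    "backdoor": [["socket", "bind", "listen", "accept", "recv", "CreateProcessW", "send"]],
}
# Constructed unknown traces: a downloader, a sample with an extra call inside
# the pattern, and a benign editor that shares only isolated calls.
UNKNOWN_DOWNLOADER = ["InternetOpenW", "InternetOpenUrlW", "InternetReadFile",
                      "GetTempPathW", "CreateFileW", "WriteFile", "CloseHandle", "CreateProcessW"]
UNKNOWN_WITH_NOISE = ["GetTempPathW", "CreateFileW", "WriteFile", "FlushFileBuffers",
                      "CloseHandle", "CreateProcessW"]
BENIGN_EDITOR = ["CreateFileW", "ReadFile", "SetWindowTextW", "CloseHandle", "MessageBoxW"]

if __name__ == "__main__":
    sigs = build_signatures(TRAINING)
    print("signatures:", sigs)
    for name, t in [("downloader", UNKNOWN_DOWNLOADER), ("noisy", UNKNOWN_WITH_NOISE),
                    ("benign", BENIGN_EDITOR)]:
        print(name, score_trace(t, sigs)[0], is_malicious(t, sigs))
```

Only one pattern survives here, the write-temp-file-then-execute sequence, because the remaining overlaps between the constructed categories are one or two calls long. The point of using alignment rather than exact substring matching is visible in the noisy trace: an unrelated FlushFileBuffers inserted mid-pattern costs one gap penalty and still scores 0.9, whereas the benign editor, which shares only CreateFileW and CloseHandle, scores 0.2. Gap and mismatch penalties, the minimum pattern length and the threshold all trade detection against false positives, so a practitioner should measure them on a benign trace corpus before trusting the verdicts, and should remember that the traces themselves come from whatever sandbox or hooking layer the target platform provides.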

Original language: English
Article number: 659101
Journal: International Journal of Distributed Sensor Networks
Volume: 2015
DOI: 10.1155/2015/659101
Publication status: Published - 2015

Fingerprint

Application programming interfaces (API)
Dynamic analysis
Malware
DNA sequences
Sensors

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Engineering(all)

Cite this

A novel approach to detect malware based on API call sequence analysis. / Ki, Youngjoon; Kim, Eunjin; Kim, Huy Kang.

In: International Journal of Distributed Sensor Networks, Vol. 2015, 659101, 2015.

Research output: Contribution to journal › Article

@article{a9e12d3322e64912b69c2692c5357fd5,
title = "A novel approach to detect malware based on API call sequence analysis",
abstract = "In the era of ubiquitous sensors and smart devices, detecting malware is becoming an endless battle between ever-evolving malware and antivirus programs that need to process ever-increasing security-related data. For malware detection, various approaches have been proposed. Among them, dynamic analysis is known to be effective in terms of providing behavioral information. As malware authors increasingly use obfuscation techniques, it becomes more important to monitor how malware behaves in order to detect it. In this paper, we propose a novel approach for dynamic analysis of malware. We adopt DNA sequence alignment algorithms and extract common API call sequence patterns of malicious functions from malware in different categories. We find that certain malicious functions are commonly included in malware even across different categories. By checking for the existence of certain functions or matched API call sequence patterns, we can even detect new, unknown malware. The results of our experiment show sufficiently high F-measure and accuracy. API call sequences can be extracted from most modern devices; therefore, we believe that our method can detect malware on all types of ubiquitous devices.",
author = "Youngjoon Ki and Eunjin Kim and Kim, {Huy Kang}",
year = "2015",
doi = "10.1155/2015/659101",
language = "English",
volume = "2015",
journal = "International Journal of Distributed Sensor Networks",
issn = "1550-1329",
publisher = "SAGE Publications Inc.",

}

TY - JOUR

T1 - A novel approach to detect malware based on API call sequence analysis

AU - Ki, Youngjoon

AU - Kim, Eunjin

AU - Kim, Huy Kang

PY - 2015

Y1 - 2015

N2 - In the era of ubiquitous sensors and smart devices, detecting malware is becoming an endless battle between ever-evolving malware and antivirus programs that need to process ever-increasing security-related data. For malware detection, various approaches have been proposed. Among them, dynamic analysis is known to be effective in terms of providing behavioral information. As malware authors increasingly use obfuscation techniques, it becomes more important to monitor how malware behaves in order to detect it. In this paper, we propose a novel approach for dynamic analysis of malware. We adopt DNA sequence alignment algorithms and extract common API call sequence patterns of malicious functions from malware in different categories. We find that certain malicious functions are commonly included in malware even across different categories. By checking for the existence of certain functions or matched API call sequence patterns, we can even detect new, unknown malware. The results of our experiment show sufficiently high F-measure and accuracy. API call sequences can be extracted from most modern devices; therefore, we believe that our method can detect malware on all types of ubiquitous devices.

AB - In the era of ubiquitous sensors and smart devices, detecting malware is becoming an endless battle between ever-evolving malware and antivirus programs that need to process ever-increasing security-related data. For malware detection, various approaches have been proposed. Among them, dynamic analysis is known to be effective in terms of providing behavioral information. As malware authors increasingly use obfuscation techniques, it becomes more important to monitor how malware behaves in order to detect it. In this paper, we propose a novel approach for dynamic analysis of malware. We adopt DNA sequence alignment algorithms and extract common API call sequence patterns of malicious functions from malware in different categories. We find that certain malicious functions are commonly included in malware even across different categories. By checking for the existence of certain functions or matched API call sequence patterns, we can even detect new, unknown malware. The results of our experiment show sufficiently high F-measure and accuracy. API call sequences can be extracted from most modern devices; therefore, we believe that our method can detect malware on all types of ubiquitous devices.

UR - http://www.scopus.com/inward/record.url?scp=84935006761&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84935006761&partnerID=8YFLogxK

U2 - 10.1155/2015/659101

DO - 10.1155/2015/659101

M3 - Article

AN - SCOPUS:84935006761

VL - 2015

JO - International Journal of Distributed Sensor Networks

JF - International Journal of Distributed Sensor Networks

SN - 1550-1329

M1 - 659101

ER -