Exploring Behavioral Aspects of API Calls for Malware Identification and Categorization

The present-day scenario shows a drastic increase in the growth of malware. According to a Kaspersky Security Lab report, India ranks seventh in offline threats and ninth in online threats caused by malware among the top ten countries of the world. Advances in evasion techniques such as code obfuscation, packing, encryption and polymorphism help malware writers avoid detection of their malware by Anti-Virus Scanners (AVS), since AVS largely fail to detect unknown malware. In this paper we elucidate a malware detection method based on mining behavioral aspects of API calls, as the extraction and interpretation of API calls can help determine the behavior and functions of a program. We propose a feature selection algorithm to select unique and distinct APIs, and then apply machine learning techniques to categorize PE files as malicious or benign.
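The pipeline the abstract describes (API-call features, selection of distinguishing APIs, then a classifier) as an added, self-contained example; this is not the paper's code or dataset. The selection rule (keep APIs whose per-class document frequency differs by at least `min_gap`), the Bernoulli naive Bayes classifier, and the labelled import sets are all assumptions constructed for illustration.

```python
from math import log

# Constructed, labelled corpus: the set of imported API names per PE file.
# Illustrative samples only, not the paper's dataset.
SAMPLES = [
    ("mal", {"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx", "GetProcAddress", "LoadLibraryA"}),
    ("mal", {"WriteProcessMemory", "VirtualAllocEx", "RegSetValueExA", "GetProcAddress", "InternetOpenA"}),
    ("mal", {"CreateRemoteThread", "RegSetValueExA", "URLDownloadToFileA", "GetProcAddress"}),
    ("ben", {"CreateFileW", "ReadFile", "WriteFile", "GetProcAddress", "LoadLibraryA", "MessageBoxW"}),
    ("ben", {"CreateFileW", "ReadFile", "CloseHandle", "GetProcAddress", "CreateWindowExW"}),
    ("ben", {"ReadFile", "WriteFile", "CloseHandle", "MessageBoxW", "LoadLibraryA"}),
]

def class_doc_freq(samples):
    """Per class: number of files, and per API how many files of that class import it."""
    counts, sizes = {}, {}
    for label, apis in samples:
        sizes[label] = sizes.get(label, 0) + 1
        bucket = counts.setdefault(label, {})
        for api in apis:
            bucket[api] = bucket.get(api, 0) + 1
    return counts, sizes

def select_apis(samples, min_gap=0.5):
    """Assumed selection rule: keep an API only if its document frequency in one
    class exceeds the other class by at least min_gap. APIs present in most files
    of both classes (loader boilerplate such as GetProcAddress) are dropped."""
    counts, sizes = class_doc_freq(samples)
    every_api = {a for _, apis in samples for a in apis}
    def df(label, api):
        return counts[label].get(api, 0) / sizes[label]
    return sorted(a for a in every_api
                  if max(df(l, a) for l in sizes) - min(df(l, a) for l in sizes) >= min_gap)

def train(samples, features):
    """Bernoulli naive Bayes with Laplace smoothing over the selected API features."""
    counts, sizes = class_doc_freq(samples)
    total = sum(sizes.values())
    model = {}
    for label, n in sizes.items():
        probs = {a: (counts[label].get(a, 0) + 1) / (n + 2) for a in features}
        model[label] = (log(n / total), probs)
    return model

def classify(model, apis):
    """Return the label with the highest log posterior for a file's import set."""
    best = None
    for label, (prior, probs) in model.items():
        score = prior + sum(log(p) if a in apis else log(1 - p) for a, p in probs.items())
        if best is None or score > best[0]:
            best = (score, label)
    return best[1]
```

With real samples the import sets would come from parsing each PE's import table (or from an API-call trace), but the selection and classification steps are unchanged.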
