Instrumenting API Hooking for a Realtime Dynamic Analysis

There are various approaches to detecting malware. Among them is dynamic analysis, an essential technique that can detect previously unknown malware. Dynamic analysis monitors the behaviour of an executable by recording information about its execution. As malware grows more complex, it is important to monitor malware and study how it behaves in order to detect it. In this paper, we highlight an instrumentation technique for observing the behaviour of Portable Executable (PE) files during execution. We briefly explore related work, discuss dynamic analysis and Windows API calls, and describe our realtime behaviour monitor. The concept of n-grams is explained and, before concluding, several challenges are highlighted.
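As an added illustration that is not code from the paper, the following builds an n-gram profile over an API-call trace in two ways: from a finished trace, and incrementally as a hooking layer reports each call, which is what a realtime monitor needs. The two constructed traces, their API names and the set-overlap comparison are sample input made up for the example, not captured data or the paper's own method.

```python
from collections import Counter, deque

# Constructed traces: ordered Windows API names as a hooking layer would
# report them for two runs. Illustrative only, not recorded from real samples.
TRACE_A = ["CreateFileW", "WriteFile", "CloseHandle",
           "CreateFileW", "WriteFile", "CloseHandle",
           "RegOpenKeyExW", "RegSetValueExW"]
TRACE_B = ["CreateFileW", "WriteFile", "CloseHandle",
           "CreateFileW", "WriteFile", "CloseHandle",
           "CreateProcessW"]


def api_ngrams(calls, n):
    """Count every run of n consecutive API calls in a complete trace."""
    return Counter(tuple(calls[i:i + n]) for i in range(len(calls) - n + 1))


class RealtimeNgramMonitor:
    """Incremental n-gram counter fed one hooked call at a time, so the
    behaviour profile exists while the executable is still running."""

    def __init__(self, n):
        self.n = n
        self.window = deque(maxlen=n)   # the last n calls seen
        self.counts = Counter()

    def observe(self, api_name):
        """Record one call; return the n-gram it completed, or None."""
        self.window.append(api_name)
        if len(self.window) < self.n:
            return None
        gram = tuple(self.window)
        self.counts[gram] += 1
        return gram


def stream_ngrams(calls, n):
    """Replay a trace through the monitor; must match the batch result."""
    mon = RealtimeNgramMonitor(n)
    for call in calls:
        mon.observe(call)
    return mon.counts


def jaccard(counts_a, counts_b):
    """Overlap of the distinct n-grams in two profiles, in the range 0..1."""
    a, b = set(counts_a), set(counts_b)
    return len(a & b) / len(a | b) if (a or b) else 1.0


if __name__ == "__main__":
    prof_a, prof_b = api_ngrams(TRACE_A, 2), api_ngrams(TRACE_B, 2)
    print("shared-bigram similarity:", jaccard(prof_a, prof_b))
```

The streaming monitor reproduces the batch counts exactly, so a profile compared against known-behaviour profiles can be updated after every hooked call rather than only once the process exits.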
