Journal: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Electronic ISSN: 1817-3195
Year of publication: 2014
Volume: 70
Issue: 1
Publisher: Journal of Theoretical and Applied
Abstract: Losses caused by malware are irrecoverable. Detecting malicious activity is the greatest challenge in the security of computing systems, because current malicious executables use sophisticated polymorphism and metamorphism techniques, which make it difficult for analysts to investigate their code statically. In this paper, we present a data mining approach to predict executable behavior. We use the Application Programming Interface (API) call sequences captured from a running process with the aim of predicting its intention. Although API calls are commonly analyzed by existing anti-viruses and sandboxes, our work is the first to use the API calls together with their number of iterations as a countermeasure for malware detection. The experiments have shown the effectiveness of our method on polymorphic and metamorphic malware, achieving an accuracy of 93.5% while keeping the detection rate as high as 95%.
Keywords: Malware; Polymorphic; Metamorphic malware; Data Mining; API calls.