Open Access Article

Contextual Identification of Windows Malware through Semantic Interpretation of API Call Sequence

by Eslam Amer 1,2, Shaker El-Sappagh 3,4 and Jong W. Hu 5,6,*
1. Faculty of Electrical Engineering and Computer Science, VSB-Technical University of Ostrava, 17. Listopadu 2172/15, Ostrava-Poruba, 708 00 Ostrava, Czech Republic
2. Faculty of Computer Science, Misr International University, Cairo 11865, Egypt
3. Centro Singular de Investigación en Tecnoloxías Intelixentes (CiTIUS), Universidade de Santiago de Compostela, 15782 Santiago de Compostela, Spain
4. Faculty of Computers and Artificial Intelligence, Benha University, Banha 13518, Egypt
5. Department of Civil and Environmental Engineering, Incheon National University, Incheon 22012, Korea
6. Incheon Disaster Prevention Research Center, Incheon National University, Incheon 22012, Korea
* Author to whom correspondence should be addressed.
Appl. Sci. 2020, 10(21), 7673; https://doi.org/10.3390/app10217673
Received: 27 September 2020 / Revised: 16 October 2020 / Accepted: 20 October 2020 / Published: 30 October 2020
The proper interpretation of a malware sample's API call sequence plays a crucial role in identifying its malicious intent. Moreover, there is a need to characterize smart malware mimicry activities that resemble goodware programs; such malware poses further challenges in recognizing its malicious activities. In this paper, we propose standard and straightforward contextual behavioral models that characterize Windows malware and goodware. We rely on word embedding to capture the contextual associations that may occur between API functions in malware sequences. Our empirical results proved that there is a considerable distinction between malware and goodware call sequences. Based on that distinction, we propose a new malware detection method that relies on a Markov chain. We also propose a heuristic method that identifies malware's mimicry activities by tracking the likelihood behavior of a given API call sequence. Experimental results showed that our proposed model outperforms other peer models that rely on API call sequences. Our model returns an average malware detection accuracy of 0.990, with a false positive rate of 0.010. Regarding malware mimicry, our model shows a noteworthy average accuracy of 0.993 in detecting false positives.
Keywords: malware detection; API call sequence; contextual behavior; malware mimicry
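The abstract describes two ideas: a Markov chain over API call sequences as the detector, and tracking the likelihood of a sequence as it unfolds to catch mimicry. The following is an added illustration, not code from the paper (whose embedding step and exact heuristic are not reproduced): one first-order Markov chain per class, a whole-trace log-likelihood-ratio decision, and a windowed likelihood tracker as a simplified reading of the mimicry heuristic. The API names, traces, window size and threshold are constructed assumptions.

```python
import math
from collections import Counter
START = "<s>"  # pseudo-token preceding the first call of every trace

# Constructed sample traces (not the paper's dataset), one list of API names per process.
GOODWARE = [
    ["CreateFileW", "ReadFile", "CloseHandle"],
    ["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"],
    ["CreateFileW", "ReadFile", "ReadFile", "CloseHandle"],
]
MALWARE = [
    ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
    ["RegOpenKeyExW", "RegSetValueExW", "RegCloseKey", "CreateRemoteThread"],
    ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"],
]
VOCAB = sorted({c for corpus in (GOODWARE, MALWARE) for seq in corpus for c in seq})

def train_markov(sequences, vocab, alpha=1.0):
    """First-order Markov chain P(next | current) with add-alpha smoothing, returned as a function."""
    counts = {}
    for seq in sequences:
        for prev, call in zip([START] + seq[:-1], seq):
            counts.setdefault(prev, Counter())[call] += 1
    def prob(prev, call):
        row = counts.get(prev, Counter())  # Counter returns 0 for unseen transitions
        return (row[call] + alpha) / (sum(row.values()) + alpha * len(vocab))
    return prob

GOOD_P = train_markov(GOODWARE, VOCAB)
MAL_P = train_markov(MALWARE, VOCAB)

def step_llrs(seq):
    """Per-transition log-likelihood ratio: log P(call|prev, malware) - log P(call|prev, goodware)."""
    return [math.log(MAL_P(p, c)) - math.log(GOOD_P(p, c)) for p, c in zip([START] + seq[:-1], seq)]

def classify(seq):
    """Whole-trace decision: a positive total LLR means the malware chain explains the trace better."""
    return "malware" if sum(step_llrs(seq)) > 0 else "goodware"

def mimicry_alert(seq, window=3, threshold=1.0):
    """Likelihood tracking (simplified reading of the paper's heuristic; window and threshold are
    assumptions): index of the first call whose last `window` transitions sum to an LLR above
    `threshold`, i.e. a malicious-looking run hiding inside an otherwise benign-looking trace."""
    steps = step_llrs(seq)
    for i in range(len(steps)):
        if sum(steps[max(0, i - window + 1):i + 1]) > threshold:
            return i
    return None

# Benign file-read prefix followed by an injection-style tail: the whole-trace score is fooled.
MIMIC = ["CreateFileW", "ReadFile", "CloseHandle", "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
```

On the constructed data, classify(MIMIC) returns "goodware" because the benign prefix outweighs the tail, while mimicry_alert(MIMIC) returns 5, the position at which the windowed likelihood tips toward the malware chain.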
MDPI and ACS Style

Amer, E.; El-Sappagh, S.; Hu, J.W. Contextual Identification of Windows Malware through Semantic Interpretation of API Call Sequence. Appl. Sci. 2020, 10, 7673. https://doi.org/10.3390/app10217673

AMA Style

Amer E, El-Sappagh S, Hu JW. Contextual Identification of Windows Malware through Semantic Interpretation of API Call Sequence. Applied Sciences. 2020; 10(21):7673. https://doi.org/10.3390/app10217673

Chicago/Turabian Style

Amer, Eslam; El-Sappagh, Shaker; Hu, Jong W. 2020. "Contextual Identification of Windows Malware through Semantic Interpretation of API Call Sequence" Appl. Sci. 10, no. 21: 7673. https://doi.org/10.3390/app10217673