Open Access Article
Appl. Sci. 2019, 9(2), 239; https://doi.org/10.3390/app9020239

Cross-Method-Based Analysis and Classification of Malicious Behavior by API Calls Extraction

Affiliations:
1. Research and Development Center, Cyber Threat Intelligence Lab, YangJae Innovation Hub, 114 Taebong-Ro, Seocho-Gu, Seoul 06764-601, Korea
2. Department of Ubiquitous IT, Graduate School of Dongseo University, Sasang-Gu, Busan 617-716, Korea
3. Division of Computer and Engineering, Dongseo University, Sasang-Gu, Busan 617-716, Korea
* Author to whom correspondence should be addressed.
Received: 1 December 2018 / Revised: 29 December 2018 / Accepted: 2 January 2019 / Published: 10 January 2019
(This article belongs to the Section Computer Science and Electrical Engineering)

Abstract

Data-driven public security networking and computer systems are constantly under threat from malicious code, known as malware; therefore, a large amount of research and development is taking place to find effective countermeasures. These countermeasures are mainly based on dynamic and static analysis. Because of the obfuscation techniques used by malware authors, security researchers and the anti-virus industry face a colossal problem in extracting the hidden payloads of packed executables. Based on this understanding, we first propose a method to de-obfuscate and unpack malware samples. In addition, a cross-method-based big data analysis is proposed to extract features from malware both dynamically and statically. The Application Programming Interface (API) call sequences, which reflect the behavior of the malware code, are used to detect behaviors such as generating network traffic, modifying a file, writing to stderr or stdout, modifying a registry value, and creating a process. Furthermore, we apply similarity analysis and machine learning algorithms to profile and classify malware behaviors. The experimental results show that the detection accuracy of the proposed method is useful for discovering potential threats and can help decision-makers deploy appropriate countermeasures.
Keywords: malware classification; behavior analysis; machine learning; feature selection; API; static analysis; dynamic analysis
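The abstract describes API call sequences being turned into behavior profiles (network traffic, file modification, console output, registry modification, process creation) and then compared by similarity and classified. The following is an added, self-contained illustration of that idea and is not the paper's own code or pipeline: the API-to-behavior mapping, the three labelled reference traces and the test traces are constructed for this example, and a cosine nearest-profile classifier stands in for the paper's similarity analysis and machine learning classifiers. Call bigrams are kept alongside the category counts so that ordering information (for example "download, then write file, then execute") is not lost.

```python
"""Profile and classify API-call traces by behaviour category and call bigrams.

Added illustration only: the behaviour taxonomy, the reference traces and the
nearest-profile classifier below are constructed for this example and are not
the paper's own pipeline.
"""
from collections import Counter
from math import sqrt

# Assumed mapping from Windows API names to coarse behaviour categories.
# Anything not listed is counted as "other".
API_BEHAVIOR = {
    # network traffic
    "InternetOpenA": "network", "InternetConnectA": "network",
    "HttpSendRequestA": "network", "InternetReadFile": "network",
    "WSAStartup": "network", "connect": "network", "send": "network", "recv": "network",
    # file modification
    "CreateFileA": "file", "CreateFileW": "file", "WriteFile": "file",
    "ReadFile": "file", "DeleteFileA": "file", "MoveFileExA": "file",
    # registry modification
    "RegOpenKeyExA": "registry", "RegSetValueExA": "registry",
    "RegCreateKeyExA": "registry", "RegCloseKey": "registry",
    # process creation / injection
    "CreateProcessA": "process", "CreateProcessW": "process",
    "WinExec": "process", "ShellExecuteA": "process", "CreateRemoteThread": "process",
    # writing to stdout / stderr
    "GetStdHandle": "console", "WriteConsoleA": "console",
}


def behavior_profile(trace):
    """Count how many calls in the trace fall into each behaviour category."""
    return dict(Counter(API_BEHAVIOR.get(api, "other") for api in trace))


def api_ngrams(trace, n=2):
    """Count consecutive n-call windows; these keep the ordering information
    that a plain category count throws away."""
    return Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))


def feature_vector(trace):
    """Sparse feature vector: behaviour counts plus call bigrams, with prefixed
    keys so the two feature families cannot collide."""
    vec = Counter({("beh", cat): c for cat, c in behavior_profile(trace).items()})
    vec.update({("bg",) + gram: c for gram, c in api_ngrams(trace).items()})
    return vec


def cosine(a, b):
    """Cosine similarity between two sparse Counter vectors (0.0 for empty input)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


# Constructed reference traces standing in for a labelled training set.
REFERENCE_TRACES = {
    "downloader": ["InternetOpenA", "InternetConnectA", "HttpSendRequestA",
                   "InternetReadFile", "CreateFileW", "WriteFile",
                   "CloseHandle", "CreateProcessW"],
    "persistence": ["RegOpenKeyExA", "RegSetValueExA", "RegCloseKey",
                    "CreateFileW", "WriteFile", "CloseHandle"],
    "benign_console": ["GetStdHandle", "WriteConsoleA", "ReadFile",
                       "WriteConsoleA", "ExitProcess"],
}


def classify(trace, references=REFERENCE_TRACES, threshold=0.5):
    """Nearest-profile classification: return (label, score) for the most
    similar reference trace, or ("unknown", score) when nothing reaches the
    threshold, so a genuinely new behaviour is not forced into a known class."""
    target = feature_vector(trace)
    label, best = "unknown", 0.0
    for name, ref in references.items():
        score = cosine(target, feature_vector(ref))
        if score > best:
            label, best = name, score
    return (label, best) if best >= threshold else ("unknown", best)


if __name__ == "__main__":
    # Constructed trace of a sample under analysis.
    sample = ["InternetOpenA", "InternetConnectA", "HttpSendRequestA",
              "InternetReadFile", "CreateFileW", "WriteFile", "CreateProcessW"]
    print(behavior_profile(sample))
    print(classify(sample))
```

The traces here are hand-written; in practice they come from a sandbox or API-hooking run, and, as the abstract notes, a packed sample must be unpacked first, because the static import table of a packed binary shows only the unpacker's own API usage, not the payload's.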
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
Cite this article (MDPI and ACS style):

Ndibanje, B.; Kim, K.H.; Kang, Y.J.; Kim, H.H.; Kim, T.Y.; Lee, H.J. Cross-Method-Based Analysis and Classification of Malicious Behavior by API Calls Extraction. Appl. Sci. 2019, 9, 239.

Appl. Sci. EISSN 2076-3417. Published by MDPI AG, Basel, Switzerland.