DocumentCode
3095240
Title
Malware Function Classification Using APIs in Initial Behavior
Author
Kawaguchi, Naoto ; Omote, Kazumasa
Author_Institution
Sch. of Inf. Sci., Japan Adv. Inst. of Sci. & Technol., Ishikawa, Japan
fYear
2015
fDate
24-26 May 2015
Firstpage
138
Lastpage
144
Abstract
Malware proliferation has become a serious threat to the Internet in recent years. Most current malware consists of subspecies of existing malware that have been automatically generated by illegal tools. To analyze malware efficiently, it is effective to estimate its functions in advance so that analysis can be prioritized. However, estimating malware functions has been difficult due to the increasing sophistication of malware. Although various approaches for malware detection and classification have been considered, the classification accuracy is still low. In this paper, we propose a new classification method which estimates malware's functions from APIs observed by dynamic analysis on a host. We examine whether the proposed method can correctly classify unknown malware based on function by machine learning. The results show that our new method can classify each malware's function with an average accuracy of 83.4%.
Keywords
Internet; invasive software; learning (artificial intelligence); pattern classification; API; Internet; dynamic analysis; efficient malware analysis; illegal tools; initial behavior; machine learning; malware detection; malware function classification; malware proliferation; Accuracy; Data mining; Feature extraction; Machine learning algorithms; Malware; Software; Support vector machines; machine learning; malware classification;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on
Conference_Location
Kaohsiung
Type
conf
DOI
10.1109/AsiaJCIS.2015.15
Filename
7153948