Abstract
In the era of ubiquitous sensors and smart devices, detecting malware is becoming an endless battle between ever-evolving malware and antivirus programs that need to process ever-increasing security related data. For malware detection, various approaches have been proposed. Among them, dynamic analysis is known to be effective in terms of providing behavioral information. As malware authors increasingly use obfuscation techniques, it becomes more important to monitor how malware behaves for its detection. In this paper, we propose a novel approach for dynamic analysis of malware. We adopt DNA sequence alignment algorithms and extract common API call sequence patterns of malicious function from malware in different categories. We find that certain malicious functions are commonly included in malware even in different categories. From checking the existence of certain functions or API call sequence patterns matched, we can even detect new unknown malware. The result of our experiment shows high enough F-measure and accuracy. API call sequence can be extracted from most of the modern devices; therefore, we believe that our method can detect the malware for all types of the ubiquitous devices.
Highlights
Nowadays, power-saving techniques and enhanced computing power allow us to use sensors as multifunctional devices
We propose a new approach in API call sequence analysis with introducing sequence alignment algorithm
After choosing the image’s pointer using SelectObject, it copies the image to the memory space using BitBlt. It writes the captured image as a file using WriteFile. We checked whether such critical API call sequence patterns and related malicious activities found in malware distinguish malware from benign programs
Summary
In the era of ubiquitous sensors and smart devices, detecting malware is becoming an endless battle between ever-evolving malware and antivirus programs that need to process ever-increasing security related data. We propose a novel approach for dynamic analysis of malware. We adopt DNA sequence alignment algorithms and extract common API call sequence patterns of malicious function from malware in different categories. We find that certain malicious functions are commonly included in malware even in different categories. From checking the existence of certain functions or API call sequence patterns matched, we can even detect new unknown malware. API call sequence can be extracted from most of the modern devices; we believe that our method can detect the malware for all types of the ubiquitous devices
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have