Abstract

Application programming interface (API) calls are a useful feature for malware analysis, since each is a procedure-call interface to an operating system resource, and behavior features built on API calls play an important role in analyzing malware variants. However, existing malware detection approaches involve many complex construction and matching operations; graph matching in particular is NP-complete and time-consuming because of its computational complexity. To address these issues, we propose an approach that constructs classified behavior features from different malware families. In the proposed approach, a classified behavior feature consists of a kernel object (an API call parameter) and a series of operations on it (an API trace). Each classified behavior graph (CBG) is represented by a hash value, which reduces workload and matching time. Multiple machine learning classifiers are then used for classification. To verify the efficiency of the approach, we perform a series of experiments with different families. The experiments on 1220 malware samples show that the true positive rate is up to 88.3% and the false positive rate stays within 3.9% using a support vector machine (SVM).

Highlights

  • Today the Internet and IoT are the main data sources of society

  • The information gain of a given behavior graph g is defined in Eq (3), and the malicious classified behavior is selected by computing the information gain for each malware family

  • It demonstrates that the classified behavior signature of a malware family has strong generalization ability and easily detects variants of known mal


Summary

INTRODUCTION

Today the Internet and IoT are the main data sources of society, and malware is one of the major threats to both. Signature-based malware detection is the most widely used technique in commercial anti-virus (AV) software [2]. With increasingly sophisticated obfuscation techniques, malware that employs polymorphic and metamorphic strategies can evade detection by generating many new variants [3]. To detect such variants, behavior features are extracted from the API call graph. A good solution is the classified behavior graph (CBG), which is extracted directly from API call sequences. To detect malware variants, we present a novel feature extraction approach based on classified behavior features. The contributions of this paper are as follows:
- We present a new feature selection approach based on the classified behaviors.
D. Du et al.: Novel Approach to Detect Malware Variants Based on Classified Behaviors.
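The abstract and the highlights describe the pipeline in prose: split each sample's API trace into classified behaviors (one kernel object plus the ordered APIs applied to it), hash each behavior to a number so that matching is an integer comparison rather than a graph match, and rank the behaviors per family by information gain to form the family's signature. The following Python is an added example written for this page; it is not the authors' code, and its sample traces, object names and the standard one-vs-rest information-gain formula (assumed to correspond to the paper's Eq (3)) are constructed assumptions.

```python
import hashlib
import math
from collections import defaultdict

# Constructed sample API traces, one per malware sample: (family, [(api, kernel_object), ...]).
# The kernel object is the API call parameter the operation acts on (file path, registry key,
# socket, process). Names and families are invented for this example.
DROP = r"\??\C:\Users\Public\drop.exe"
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SOCK = "socket:tcp"
PROC = "process:cmd.exe"

SAMPLES = [
    ("A", [("NtCreateFile", DROP), ("NtWriteFile", DROP), ("NtClose", DROP), ("RegSetValueExW", RUN)]),
    ("A", [("NtCreateFile", DROP), ("NtWriteFile", DROP), ("NtClose", DROP), ("RegSetValueExW", RUN),
           ("connect", SOCK)]),
    # Same behaviors as the first sample, but operations on different objects interleave differently.
    ("A", [("RegSetValueExW", RUN), ("NtCreateFile", DROP), ("NtWriteFile", DROP), ("NtClose", DROP)]),
    ("B", [("socket", SOCK), ("connect", SOCK), ("send", SOCK), ("recv", SOCK)]),
    ("B", [("socket", SOCK), ("connect", SOCK), ("send", SOCK), ("recv", SOCK),
           ("NtCreateFile", DROP), ("NtWriteFile", DROP), ("NtClose", DROP)]),
    ("B", [("socket", SOCK), ("connect", SOCK), ("send", SOCK), ("recv", SOCK), ("CreateProcessW", PROC)]),
]


def classified_behaviors(trace):
    """Split one API trace into classified behaviors: for each kernel object, the ordered
    sequence of APIs applied to it. Only the per-object order matters; interleaving across
    objects is discarded, which is what makes variants with reordered traces match."""
    ops = defaultdict(list)
    for api, obj in trace:
        ops[obj].append(api)
    return {obj: tuple(apis) for obj, apis in ops.items()}


def cbg_hash(obj, apis):
    """Represent a classified behavior graph as a 64-bit integer. Two behaviors are then
    compared by integer equality instead of by (NP-complete) graph matching."""
    canonical = obj + "|" + ">".join(apis)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big")


def feature_sets(samples):
    """Per sample: (family, set of CBG hashes exhibited by that sample)."""
    out = []
    for family, trace in samples:
        hashes = {cbg_hash(obj, apis) for obj, apis in classified_behaviors(trace).items()}
        out.append((family, hashes))
    return out


def _entropy(pos, total):
    """Binary entropy of a subset with `pos` positives out of `total`; 0 for empty or pure sets."""
    if total == 0 or pos == 0 or pos == total:
        return 0.0
    p = pos / total
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def information_gain(feature, family, featured):
    """Information gain of one CBG for the binary target 'sample belongs to family'
    (one-vs-rest): H(Y) - P(f present) H(Y|present) - P(f absent) H(Y|absent).
    Standard definition, assumed here to be the form of the paper's Eq (3)."""
    n = len(featured)
    pos_total = sum(1 for fam, _ in featured if fam == family)
    with_f = [fam for fam, feats in featured if feature in feats]
    without_f = [fam for fam, feats in featured if feature not in feats]
    h_y = _entropy(pos_total, n)
    h_with = _entropy(sum(1 for fam in with_f if fam == family), len(with_f))
    h_without = _entropy(sum(1 for fam in without_f if fam == family), len(without_f))
    return h_y - (len(with_f) / n) * h_with - (len(without_f) / n) * h_without


def select_signature(family, featured, min_gain=0.0):
    """Rank the CBGs exhibited by `family` by information gain, descending.
    Returns [(hash, gain), ...]; these hashes form the family's behavior signature."""
    candidates = set().union(*(feats for fam, feats in featured if fam == family))
    ranked = [(f, information_gain(f, family, featured)) for f in candidates]
    ranked = [(f, g) for f, g in ranked if g > min_gain]
    return sorted(ranked, key=lambda x: (-x[1], x[0]))


def to_vector(feats, vocabulary):
    """Binary feature vector in a fixed vocabulary order, the input a classifier such as an SVM expects."""
    return [1 if f in feats else 0 for f in vocabulary]


if __name__ == "__main__":
    featured = feature_sets(SAMPLES)
    for fam in ("A", "B"):
        print(fam, [(hex(h)[:10], round(g, 3)) for h, g in select_signature(fam, featured)])
```

Running the block prints, for each constructed family, its ranked signature: the registry Run-key behavior scores a gain of 1.0 for family A because it occurs in every A sample and no B sample, the file-drop behavior scores lower because one B sample also exhibits it, and the first and third A samples yield identical hashes for the drop behavior even though their traces interleave the operations differently.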

RELATED WORK
    For each API call sequence s_m in S_in do:
        For each parameter t_i in Vars do
CANDIDATE BEHAVIOR SIGNATURE
BEHAVIOR SIGNATURE
TWO-SVM
OPTIMIZATION OBJECTIVE FUNCTION BY SMO ALGORITHM
EXPERIMENTATION AND EVALUATION
EVALUATION MEASURE
Findings
CONCLUSION

