Abstract

This study detects malware as it begins to execute and propose a data mining approach for malware detection using sequences of API calls in a Windows environment. We begin with some background of the study and the influence of Human Immune System in our detection mechanism, i.e. the Natural Killer (NK) and Suppressor (S) Cells. We apply the K = 10 crosses fold data validation against the dataset. We use the n-grams technique to form the data for the purpose of establishing the Knowledge Bases and for the detection stage. The detection algorithm integrates the NK and S to work in unison and statistically determine on whether a particular executable deemed as benign or malicious. The results show that we could preemptively detect malware and benign programs at the very early beginning of their execution upon inspecting the first few hundreds of the targeted API Calls. Depending on the speed of the processor and the ongoing running processes, this could just happen in a split of a second or a few. This research is as part of our initiative to build a behaviour based component of a cyber defence and this will enhance our readiness to combat zero-day attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.