Abstract
The proliferation of new malware in recent years has presented a serious security threat to our society. Research shows that variants of some known ones take a large amount of new malware, so one of the challenges in malware detection is how to find the similarities between known malware and its variants. Since API(Application Programming Interface)functions is used extensively to achieve the function of one program and It is difficult for different malware versions to conceal similarity on the functional flow level, making use of the similarity of their API-calling sequences is an essential detection method.In this paper, we present a new approach of malware detection based on critical API-calling Graph (CAG) matching rather than considering all API calls. More attention is paid on the illustration of how to extract a CAG from a control flow graph (CFG) for each malware to define a malicious behavior and how to detect the behavior in a suspicious executable using the CAG matching. This approach can overcome the drawbacks of two most common techniques adopted by current antivirus in detection of variants and unknown malware, which is demonstrated by the favorable experimental results.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
