A Multi-Perspective malware detection approach through behavioral fusion of API call sequence
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F61989100%3A27240%2F21%3A10248758" target="_blank" >RIV/61989100:27240/21:10248758 - isvavai.cz</a>
Alternative codes found
RIV/61989100:27740/21:10248758
Result on the web
<a href="https://www.sciencedirect.com/science/article/pii/S016740482100273X?via%3Dihub" target="_blank" >https://www.sciencedirect.com/science/article/pii/S016740482100273X?via%3Dihub</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.cose.2021.102449" target="_blank" >10.1016/j.cose.2021.102449</a>
Alternative languages
Result language
angličtina
Original language name
A Multi-Perspective malware detection approach through behavioral fusion of API call sequence
Original language description
The widespread development of the malware industry is considered the main threat to our e-society. Therefore, malware analysis should also be enriched with smart heuristic tools that recognize malicious behaviors effectively. Although the generated API calling graph rep-resentation for malicious processes encodes worthwhile information about their malicious behavior, it is pragmatically inconvenient to generate a behavior graph for each process. Therefore, we experimented with creating generic behavioral graph models that describe malicious and non-malicious processes. These behavioral models relied on the fusion of statistical, contextual, and graph mining features that capture explicit and implicit rela-tionships between API functions in the calling sequence. Our generated behavioral models proved the behavioral contrast between malicious and non-malicious calling sequences. According to that distinction, we built different relational perspective models that charac-terize processes' behaviors. To prove our approach novelty, we experimented with our ap-proach over Windows and Android platforms. Our experimentations demonstrated that our proposed system identified unseen malicious samples with high accuracy with low false -positive. In terms of detection accuracy, our model retums an average accuracy of 0.997 and 0.977 to the unseen Windows and Android malware testing samples, respectively. More -over, we proposed a new indexing method for APIs based on their contextual similarities. We also suggested a new expressive, a visualized form that renders the API calling sequence. Consequently, we introduced a confidence metric to our model classification decision. Fur-thermore, we developed a behavioral heuristic that effectively identified malicious API call sequences that were deceptive or mimicry. (c) 2021 Elsevier Ltd. All rights reserved.
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10200 - Computer and information sciences
Result continuities
Project
—
Continuities
S - Specificky vyzkum na vysokych skolach
Others
Publication year
2021
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
Computers and Security
ISSN
0167-4048
e-ISSN
—
Volume of the periodical
110
Issue of the periodical within the volume
4
Country of publishing house
US - UNITED STATES
Number of pages
21
Pages from-to
—
UT code for WoS article
000703432300007
EID of the result in the Scopus database
—