A Multi-Perspective malware detection approach through behavioral fusion of API call sequence

The result's identifiers

  • Result code in IS VaVaI

    RIV/61989100:27240/21:10248758 (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F61989100%3A27240%2F21%3A10248758)

  • Alternative codes found

    RIV/61989100:27740/21:10248758

  • Result on the web

    https://www.sciencedirect.com/science/article/pii/S016740482100273X?via%3Dihub

  • DOI - Digital Object Identifier

    10.1016/j.cose.2021.102449 (http://dx.doi.org/10.1016/j.cose.2021.102449)

Alternative languages

  • Result language

    English

  • Original language name

    A Multi-Perspective malware detection approach through behavioral fusion of API call sequence

  • Original language description

    The widespread development of the malware industry is considered the main threat to our e-society. Therefore, malware analysis should also be enriched with smart heuristic tools that recognize malicious behaviors effectively. Although the generated API calling graph representation for malicious processes encodes worthwhile information about their malicious behavior, it is pragmatically inconvenient to generate a behavior graph for each process. Therefore, we experimented with creating generic behavioral graph models that describe malicious and non-malicious processes. These behavioral models relied on the fusion of statistical, contextual, and graph mining features that capture explicit and implicit relationships between API functions in the calling sequence. Our generated behavioral models proved the behavioral contrast between malicious and non-malicious calling sequences. According to that distinction, we built different relational perspective models that characterize processes' behaviors. To prove our approach's novelty, we experimented with our approach over Windows and Android platforms. Our experimentations demonstrated that our proposed system identified unseen malicious samples with high accuracy and low false positives. In terms of detection accuracy, our model returns an average accuracy of 0.997 and 0.977 on the unseen Windows and Android malware testing samples, respectively. Moreover, we proposed a new indexing method for APIs based on their contextual similarities. We also suggested a new expressive, visualized form that renders the API calling sequence. Consequently, we introduced a confidence metric to our model classification decision. Furthermore, we developed a behavioral heuristic that effectively identified malicious API call sequences that were deceptive or mimicry. (c) 2021 Elsevier Ltd. All rights reserved.

  • Czech name

  • Czech description

Classification

  • Type

    Jimp - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10200 - Computer and information sciences

Result continuities

  • Project

  • Continuities

    S - Specific research at universities

Others

  • Publication year

    2021

  • Confidentiality

    S - Complete and accurate data about the project are not subject to protection under special legal regulations

Data specific for result type

  • Name of the periodical

    Computers and Security

  • ISSN

    0167-4048

  • e-ISSN

  • Volume of the periodical

    110

  • Issue of the periodical within the volume

    4

  • Country of publishing house

    US - UNITED STATES

  • Number of pages

    21

  • Pages from-to

  • UT code for WoS article

    000703432300007

  • EID of the result in the Scopus database