Contextual identification of windows malware through semantic interpretation of API call sequence
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F61989100%3A27240%2F20%3A10246992" target="_blank" >RIV/61989100:27240/20:10246992 - isvavai.cz</a>
Result on the web
<a href="https://www.mdpi.com/2076-3417/10/21/7673" target="_blank" >https://www.mdpi.com/2076-3417/10/21/7673</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.3390/app10217673" target="_blank" >10.3390/app10217673</a>
Alternative languages
Result language
English
Title in original language
Contextual identification of windows malware through semantic interpretation of API call sequence
Description in original language
The proper interpretation of the malware API call sequence plays a crucial role in identifying its malicious intent. Moreover, there is a necessity to characterize smart malware mimicry activities that resemble goodware programs. Those types of malware imply further challenges in recognizing their malicious activities. In this paper, we propose standard and straightforward contextual behavioral models that characterize Windows malware and goodware. We relied on word embedding to realize the contextual association that may occur between API functions in malware sequences. Our empirical results proved that there is a considerable distinction between malware and goodware call sequences. Based on that distinction, we propose a new method to detect malware that relies on the Markov chain. We also propose a heuristic method that identifies malware's mimicry activities by tracking the likelihood behavior of a given API call sequence. Experimental results showed that our proposed model outperforms other peer models that rely on API call sequences. Our model returns an average malware detection accuracy of 0.990, with a false positive rate of 0.010. Regarding malware mimicry, our model shows a noteworthy average accuracy of 0.993 in detecting false positives. (C) 2020 by the authors. Licensee MDPI, Basel, Switzerland.
Title in English
Contextual identification of windows malware through semantic interpretation of API call sequence
Description in English
The proper interpretation of the malware API call sequence plays a crucial role in identifying its malicious intent. Moreover, there is a necessity to characterize smart malware mimicry activities that resemble goodware programs. Those types of malware imply further challenges in recognizing their malicious activities. In this paper, we propose standard and straightforward contextual behavioral models that characterize Windows malware and goodware. We relied on word embedding to realize the contextual association that may occur between API functions in malware sequences. Our empirical results proved that there is a considerable distinction between malware and goodware call sequences. Based on that distinction, we propose a new method to detect malware that relies on the Markov chain. We also propose a heuristic method that identifies malware's mimicry activities by tracking the likelihood behavior of a given API call sequence. Experimental results showed that our proposed model outperforms other peer models that rely on API call sequences. Our model returns an average malware detection accuracy of 0.990, with a false positive rate of 0.010. Regarding malware mimicry, our model shows a noteworthy average accuracy of 0.993 in detecting false positives. (C) 2020 by the authors. Licensee MDPI, Basel, Switzerland.
Classification
Type
J<sub>imp</sub> - Article in a journal indexed in the Web of Science database
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
—
Linkages
S - Specific research at universities
Other
Year of publication
2020
Data confidentiality code
S - Complete and accurate data on the project are not subject to protection under special legal regulations
Data specific to the result type
Journal name
Applied Sciences
ISSN
2076-3417
e-ISSN
—
Journal volume
10
Issue number within the volume
21
Publisher's country
CH - Swiss Confederation
Number of pages
15
Pages from-to
1-15
Article UT WoS code
000589006900001
Result EID in the Scopus database
2-s2.0-85096004091