Vše

Co hledáte?

Vše
Projekty
Výsledky výzkumu
Subjekty

Rychlé hledání

  • Projekty podpořené TA ČR
  • Významné projekty
  • Projekty s nejvyšší státní podporou
  • Aktuálně běžící projekty

Chytré vyhledávání

  • Takto najdu konkrétní +slovo
  • Takto z výsledků -slovo zcela vynechám
  • “Takto můžu najít celou frázi”

A Multi-Perspective malware detection approach through behavioral fusion of API call sequence

Identifikátory výsledku

  • Kód výsledku v IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F61989100%3A27240%2F21%3A10248758" target="_blank" >RIV/61989100:27240/21:10248758 - isvavai.cz</a>

  • Nalezeny alternativní kódy

    RIV/61989100:27740/21:10248758

  • Výsledek na webu

    <a href="https://www.sciencedirect.com/science/article/pii/S016740482100273X?via%3Dihub" target="_blank" >https://www.sciencedirect.com/science/article/pii/S016740482100273X?via%3Dihub</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1016/j.cose.2021.102449" target="_blank" >10.1016/j.cose.2021.102449</a>

Alternativní jazyky

  • Jazyk výsledku

    angličtina

  • Název v původním jazyce

    A Multi-Perspective malware detection approach through behavioral fusion of API call sequence

  • Popis výsledku v původním jazyce

    The widespread development of the malware industry is considered the main threat to our e-society. Therefore, malware analysis should also be enriched with smart heuristic tools that recognize malicious behaviors effectively. Although the generated API calling graph rep-resentation for malicious processes encodes worthwhile information about their malicious behavior, it is pragmatically inconvenient to generate a behavior graph for each process. Therefore, we experimented with creating generic behavioral graph models that describe malicious and non-malicious processes. These behavioral models relied on the fusion of statistical, contextual, and graph mining features that capture explicit and implicit rela-tionships between API functions in the calling sequence. Our generated behavioral models proved the behavioral contrast between malicious and non-malicious calling sequences. According to that distinction, we built different relational perspective models that charac-terize processes&apos; behaviors. To prove our approach novelty, we experimented with our ap-proach over Windows and Android platforms. Our experimentations demonstrated that our proposed system identified unseen malicious samples with high accuracy with low false -positive. In terms of detection accuracy, our model retums an average accuracy of 0.997 and 0.977 to the unseen Windows and Android malware testing samples, respectively. More -over, we proposed a new indexing method for APIs based on their contextual similarities. We also suggested a new expressive, a visualized form that renders the API calling sequence. Consequently, we introduced a confidence metric to our model classification decision. Fur-thermore, we developed a behavioral heuristic that effectively identified malicious API call sequences that were deceptive or mimicry. (c) 2021 Elsevier Ltd. All rights reserved.

  • Název v anglickém jazyce

    A Multi-Perspective malware detection approach through behavioral fusion of API call sequence

  • Popis výsledku anglicky

    The widespread development of the malware industry is considered the main threat to our e-society. Therefore, malware analysis should also be enriched with smart heuristic tools that recognize malicious behaviors effectively. Although the generated API calling graph rep-resentation for malicious processes encodes worthwhile information about their malicious behavior, it is pragmatically inconvenient to generate a behavior graph for each process. Therefore, we experimented with creating generic behavioral graph models that describe malicious and non-malicious processes. These behavioral models relied on the fusion of statistical, contextual, and graph mining features that capture explicit and implicit rela-tionships between API functions in the calling sequence. Our generated behavioral models proved the behavioral contrast between malicious and non-malicious calling sequences. According to that distinction, we built different relational perspective models that charac-terize processes&apos; behaviors. To prove our approach novelty, we experimented with our ap-proach over Windows and Android platforms. Our experimentations demonstrated that our proposed system identified unseen malicious samples with high accuracy with low false -positive. In terms of detection accuracy, our model retums an average accuracy of 0.997 and 0.977 to the unseen Windows and Android malware testing samples, respectively. More -over, we proposed a new indexing method for APIs based on their contextual similarities. We also suggested a new expressive, a visualized form that renders the API calling sequence. Consequently, we introduced a confidence metric to our model classification decision. Fur-thermore, we developed a behavioral heuristic that effectively identified malicious API call sequences that were deceptive or mimicry. (c) 2021 Elsevier Ltd. All rights reserved.

Klasifikace

  • Druh

    J<sub>imp</sub> - Článek v periodiku v databázi Web of Science

  • CEP obor

  • OECD FORD obor

    10200 - Computer and information sciences

Návaznosti výsledku

  • Projekt

  • Návaznosti

    S - Specificky vyzkum na vysokych skolach

Ostatní

  • Rok uplatnění

    2021

  • Kód důvěrnosti údajů

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Údaje specifické pro druh výsledku

  • Název periodika

    Computers and Security

  • ISSN

    0167-4048

  • e-ISSN

  • Svazek periodika

    110

  • Číslo periodika v rámci svazku

    4

  • Stát vydavatele periodika

    US - Spojené státy americké

  • Počet stran výsledku

    21

  • Strana od-do

  • Kód UT WoS článku

    000703432300007

  • EID výsledku v databázi Scopus