A Multi-Perspective malware detection approach through behavioral fusion of API call sequence
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F61989100%3A27740%2F21%3A10248758" target="_blank" >RIV/61989100:27740/21:10248758 - isvavai.cz</a>
Nalezeny alternativní kódy
RIV/61989100:27240/21:10248758
Výsledek na webu
<a href="https://www.sciencedirect.com/science/article/pii/S016740482100273X?via%3Dihub" target="_blank" >https://www.sciencedirect.com/science/article/pii/S016740482100273X?via%3Dihub</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.cose.2021.102449" target="_blank" >10.1016/j.cose.2021.102449</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
A Multi-Perspective malware detection approach through behavioral fusion of API call sequence
Popis výsledku v původním jazyce
The widespread development of the malware industry is considered the main threat to our e-society. Therefore, malware analysis should also be enriched with smart heuristic tools that recognize malicious behaviors effectively. Although the generated API calling graph rep-resentation for malicious processes encodes worthwhile information about their malicious behavior, it is pragmatically inconvenient to generate a behavior graph for each process. Therefore, we experimented with creating generic behavioral graph models that describe malicious and non-malicious processes. These behavioral models relied on the fusion of statistical, contextual, and graph mining features that capture explicit and implicit rela-tionships between API functions in the calling sequence. Our generated behavioral models proved the behavioral contrast between malicious and non-malicious calling sequences. According to that distinction, we built different relational perspective models that charac-terize processes' behaviors. To prove our approach novelty, we experimented with our ap-proach over Windows and Android platforms. Our experimentations demonstrated that our proposed system identified unseen malicious samples with high accuracy with low false -positive. In terms of detection accuracy, our model retums an average accuracy of 0.997 and 0.977 to the unseen Windows and Android malware testing samples, respectively. More -over, we proposed a new indexing method for APIs based on their contextual similarities. We also suggested a new expressive, a visualized form that renders the API calling sequence. Consequently, we introduced a confidence metric to our model classification decision. Fur-thermore, we developed a behavioral heuristic that effectively identified malicious API call sequences that were deceptive or mimicry. (c) 2021 Elsevier Ltd. All rights reserved.
Název v anglickém jazyce
A Multi-Perspective malware detection approach through behavioral fusion of API call sequence
Popis výsledku anglicky
The widespread development of the malware industry is considered the main threat to our e-society. Therefore, malware analysis should also be enriched with smart heuristic tools that recognize malicious behaviors effectively. Although the generated API calling graph rep-resentation for malicious processes encodes worthwhile information about their malicious behavior, it is pragmatically inconvenient to generate a behavior graph for each process. Therefore, we experimented with creating generic behavioral graph models that describe malicious and non-malicious processes. These behavioral models relied on the fusion of statistical, contextual, and graph mining features that capture explicit and implicit rela-tionships between API functions in the calling sequence. Our generated behavioral models proved the behavioral contrast between malicious and non-malicious calling sequences. According to that distinction, we built different relational perspective models that charac-terize processes' behaviors. To prove our approach novelty, we experimented with our ap-proach over Windows and Android platforms. Our experimentations demonstrated that our proposed system identified unseen malicious samples with high accuracy with low false -positive. In terms of detection accuracy, our model retums an average accuracy of 0.997 and 0.977 to the unseen Windows and Android malware testing samples, respectively. More -over, we proposed a new indexing method for APIs based on their contextual similarities. We also suggested a new expressive, a visualized form that renders the API calling sequence. Consequently, we introduced a confidence metric to our model classification decision. Fur-thermore, we developed a behavioral heuristic that effectively identified malicious API call sequences that were deceptive or mimicry. (c) 2021 Elsevier Ltd. All rights reserved.
Klasifikace
Druh
J<sub>imp</sub> - Článek v periodiku v databázi Web of Science
CEP obor
—
OECD FORD obor
10200 - Computer and information sciences
Návaznosti výsledku
Projekt
—
Návaznosti
S - Specificky vyzkum na vysokych skolach
Ostatní
Rok uplatnění
2021
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název periodika
Computers and Security
ISSN
0167-4048
e-ISSN
1872-6208
Svazek periodika
110
Číslo periodika v rámci svazku
4
Stát vydavatele periodika
US - Spojené státy americké
Počet stran výsledku
21
Strana od-do
nestrankovano
Kód UT WoS článku
000703432300007
EID výsledku v databázi Scopus
—