- Title
- Malware detection based on structural and behavioural features of API calls
- Creator
- Alazab, Mamoun; Layton, Robert; Venkatraman, Sitalakshmi; Watters, Paul
- Date
- 2010
- Type
- Text; Conference proceedings
- Identifier
- http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/41063
- Identifier
- vital:4336
- Identifier
- https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1000&context=icr
- Abstract
- In this paper, we propose a five-step approach to detect obfuscated malware by investigating the structural and behavioural features of API calls. We have developed a fully automated system to disassemble executables and extract API call features from them effectively. Using n-gram statistical analysis of binary content, we are able to classify whether an executable file is malicious or benign. Our experimental results with a dataset of 242 malware samples and 72 benign files have shown a promising accuracy of 96.5% for the unigram model. We also provide a preliminary analysis of our approach using a support vector machine (SVM): by varying n from 1 to 5, we have analysed performance in terms of accuracy, false positives and false negatives. By applying SVM, we propose to train the classifier and derive an optimum n-gram model for detecting both known and unknown malware efficiently.
- Publisher
- School of Computer and Information Science, Security Research Centre, Edith Cowan University, Perth, Western Australia
- Rights
- This metadata is freely available under a CC0 license
- Subject
- Code obfuscation; Feature extraction; Malware; N-gram; SVM