Malware classification based on extracted API sequences using static analysis

2012 ◽  
Author(s):  
Kazuki Iwamoto ◽  
Katsumi Wasaki
Keyword(s):  
Static Analysis ◽  
Malware Classification

scholarly journals Malware Classification Using Static Disassembly and Machine Learning

2021 ◽  
Author(s):  
Zhenshuo Chen ◽  
Eoin Brophy ◽  
Tomas Ward
Keyword(s):  
Machine Learning ◽  
Static Analysis ◽  
Learning Algorithm ◽  
Small Scale ◽  
The Novel ◽  
Machine Code ◽  
Code Coverage ◽  
Malware Classification ◽  
Training Samples ◽  
Critical Issues

<div>Network and system security are incredibly critical issues now. Due to the rapid proliferation of malware, traditional analysis methods struggle with enormous samples.</div><div>In this paper, we propose four easy-to-extract and small-scale features, including sizes and permissions of Windows PE sections, content complexity, and import libraries, to classify malware families, and use automatic machine learning to search for the best model and hyper-parameters for each feature and their combinations. Compared with detailed behavior-related features like API sequences, proposed features provide macroscopic information about malware. The analysis is based on static disassembly scripts and hexadecimal machine code. Unlike dynamic behavior analysis, static analysis is resource-efficient and offers complete code coverage, but is vulnerable to code obfuscation and encryption.<br></div><div>The results demonstrate that features which work well in dynamic analysis are not necessarily effective when applied to static analysis. For instance, API 4-grams only achieve 57.96% accuracy and involve a relatively high dimensional feature set (5000 dimensions). In contrast, the novel proposed features together with a classical machine learning algorithm (Random Forest) presents very good accuracy at 99.40% and the feature vector is of much smaller dimension (40 dimensions). We demonstrate the effectiveness of this approach through integration in IDA Pro, which also facilitates the collection of new training samples and subsequent model retraining.<br></div>

Advancing Malware Classification With an Evolving Clustering Method

2018 ◽  
Vol 9 (3) ◽  
pp. 1-12
Author(s):  
Chia-Mei Chen ◽  
Shi-Hao Wang
Keyword(s):  
Intrusion Detection ◽  
Static Analysis ◽  
Intrusion Detection Systems ◽  
Clustering Method ◽  
System Protection ◽  
Detection Systems ◽  
Malware Classification ◽  
Timely Response ◽  
Network Administrators

This article describes how honeypots and intrusion detection systems serve as major mechanisms for security administrators to collect a variety of sample viruses and malware for further analysis, classification, and system protection. However, increased variety and complexity of malware makes the analysis and classification challenging, especially when efficiency and timely response are two contradictory yet equally significant criteria in malware classification. Besides, similarity-based classifications exhibit insufficiency because the mutation and fuzzification of malware exacerbate classification difficulties. In order to improve malware classification speed and attend to mutation, this research proposes the ameliorated progressive classification that integrates static analysis and improved k-means algorithm. This proposed classification aims at assisting network administrators to have a malware classification preprocess and make efficient malware classifications upon the capture of new malware, thus enhancing the defense against malware.

Advancing Malware Classification With an Evolving Clustering Method

2020 ◽  
pp. 1882-1894
Author(s):  
Chia-Mei Chen ◽  
Shi-Hao Wang
Keyword(s):  
Intrusion Detection ◽  
Static Analysis ◽  
Intrusion Detection Systems ◽  
Clustering Method ◽  
System Protection ◽  
Detection Systems ◽  
Malware Classification ◽  
Timely Response ◽  
Network Administrators

This article describes how honeypots and intrusion detection systems serve as major mechanisms for security administrators to collect a variety of sample viruses and malware for further analysis, classification, and system protection. However, increased variety and complexity of malware makes the analysis and classification challenging, especially when efficiency and timely response are two contradictory yet equally significant criteria in malware classification. Besides, similarity-based classifications exhibit insufficiency because the mutation and fuzzification of malware exacerbate classification difficulties. In order to improve malware classification speed and attend to mutation, this research proposes the ameliorated progressive classification that integrates static analysis and improved k-means algorithm. This proposed classification aims at assisting network administrators to have a malware classification preprocess and make efficient malware classifications upon the capture of new malware, thus enhancing the defense against malware.

scholarly journals Malware Classification Using Static Disassembly and Machine Learning

2021 ◽  
Author(s):  
Zhenshuo Chen ◽  
Eoin Brophy ◽  
Tomas Ward
Keyword(s):  
Machine Learning ◽  
Static Analysis ◽  
Learning Algorithm ◽  
Small Scale ◽  
The Novel ◽  
Machine Code ◽  
Code Coverage ◽  
Malware Classification ◽  
Training Samples ◽  
Critical Issues

<div>Network and system security are incredibly critical issues now. Due to the rapid proliferation of malware, traditional analysis methods struggle with enormous samples.</div><div>In this paper, we propose four easy-to-extract and small-scale features, including sizes and permissions of Windows PE sections, content complexity, and import libraries, to classify malware families, and use automatic machine learning to search for the best model and hyper-parameters for each feature and their combinations. Compared with detailed behavior-related features like API sequences, proposed features provide macroscopic information about malware. The analysis is based on static disassembly scripts and hexadecimal machine code. Unlike dynamic behavior analysis, static analysis is resource-efficient and offers complete code coverage, but is vulnerable to code obfuscation and encryption.<br></div><div>The results demonstrate that features which work well in dynamic analysis are not necessarily effective when applied to static analysis. For instance, API 4-grams only achieve 57.96% accuracy and involve a relatively high dimensional feature set (5000 dimensions). In contrast, the novel proposed features together with a classical machine learning algorithm (Random Forest) presents very good accuracy at 99.40% and the feature vector is of much smaller dimension (40 dimensions). We demonstrate the effectiveness of this approach through integration in IDA Pro, which also facilitates the collection of new training samples and subsequent model retraining.<br></div>

Effects of openings on the seismic behavior and performance level of concrete shear walls

2019 ◽  
Author(s):  
Hossein Alimohammadi ◽  
Mostafa Dalvi Esfahani ◽  
Mohammadali Lotfollahi Yaghin
Keyword(s):  
Static Analysis ◽  
Cross Section ◽  
Seismic Behavior ◽  
Shear Walls ◽  
Shear Wall ◽  
Constant Cross Section ◽  
Added Resistance ◽  
Different Shapes ◽  
And Performance ◽  
Abaqus Software

In this study, the seismic behavior of the concrete shear wall considering the opening with different shapes and constant cross-section has been studied, and for this purpose, several shear walls are placed under the increasingly non-linear static analysis (Pushover). These case studies modeled in 3D Abaqus Software, and the results of the ductility coefficient, hardness, energy absorption, added resistance, the final shape, and the final resistance are compared to shear walls without opening.

Static Analysis Based Correctness Verification for Mandatory Access Control Framework

2009 ◽  
Vol 32 (4) ◽  
pp. 730-739 ◽  
Author(s):  
Xin-Song WU ◽  
Zhou-Yi ZHOU ◽  
Ye-Ping HE ◽  
Hong-Liang LIANG ◽  
Chun-Yang YUAN
Keyword(s):  
Access Control ◽  
Static Analysis ◽  
Mandatory Access Control ◽  
Control Framework

Regional and industry characteristics of trade and economic cooperation of the EEU countries

2018 ◽  
Vol 35 (3) ◽  
pp. 140-148
Author(s):  
P. M. Taranov ◽  
A. N. Gerasimov
Keyword(s):  
International Trade ◽  
Static Analysis ◽  
Economic Cooperation ◽  
Regional Structure ◽  
Trade Study ◽  
Structure Of Trade

In the paper, trends and patterns of development of trade and economic cooperation of the EEU countries are analyzed. The authors, based on the economic-static analysis of international trade, study the features of the transformation of the commodity and regional structure of trade. Conclusions are drawn about the reasons for the existing features and trends in the development of intraregional economic cooperation.

Sign in / Sign up

Export Citation Format

Share Document