Malware Function Estimation Using API in Initial Behavior

Malware Function Estimation Using API in Initial Behavior

Malware proliferation has become a serious threat to the Internet in recent years. Most current malware are subspecies of existing malware that have been automatically generated by illegal tools. To conduct an efficient analysis of malware, estimating their functions in advance is effective when we...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences Communications and Computer Sciences, 2017/01/01, Vol.E100.A(1), pp.167-175
Hauptverfasser: KAWAGUCHI, Naoto, OMOTE, Kazumasa
Format: Artikel
Sprache:eng
Schlagworte:
Categories
dynamic analysis
Dynamic tests
Electronics
Estimates
Estimating
Estimation
function estimation
Machine learning
Malware
Mathematical analysis
Mathematical models
risk evaluation
supervised machine learning
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Malware proliferation has become a serious threat to the Internet in recent years. Most current malware are subspecies of existing malware that have been automatically generated by illegal tools. To conduct an efficient analysis of malware, estimating their functions in advance is effective when we give priority to analyze malware. However, estimating the malware functions has been difficult due to the increasing sophistication of malware. Actually, the previous researches do not estimate the functions of malware sufficiently. In this paper, we propose a new method which estimates the functions of unknown malware from APIs or categories observed by dynamic analysis on a host. We examine whether the proposed method can correctly estimate the malware functions by the supervised machine learning techniques. The results show that our new method can estimate the malware functions with the average accuracy of 83.4% using API information.
ISSN:0916-8508
1745-1337
DOI:10.1587/transfun.E100.A.167