Malware Function Estimation Using API in Initial Behavior

Malware proliferation has become a serious threat to the Internet in recent years. Most current malware are subspecies of existing malware that have been automatically generated by illegal tools. To conduct an efficient analysis of malware, estimating their functions in advance is effective when we...

Bibliographic details
Published in: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2017/01/01, Vol.E100.A(1), pp.167-175
Main authors: KAWAGUCHI, Naoto, OMOTE, Kazumasa
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 175
container_issue 1
container_start_page 167
container_title IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
container_volume E100.A
creator KAWAGUCHI, Naoto
OMOTE, Kazumasa
description Malware proliferation has become a serious threat to the Internet in recent years. Most current malware are subspecies of existing malware that have been automatically generated by illegal tools. To conduct an efficient analysis of malware, estimating their functions in advance is effective when we give priority to analyze malware. However, estimating the malware functions has been difficult due to the increasing sophistication of malware. Actually, the previous researches do not estimate the functions of malware sufficiently. In this paper, we propose a new method which estimates the functions of unknown malware from APIs or categories observed by dynamic analysis on a host. We examine whether the proposed method can correctly estimate the malware functions by the supervised machine learning techniques. The results show that our new method can estimate the malware functions with the average accuracy of 83.4% using API information.
doi_str_mv 10.1587/transfun.E100.A.167
format Article
publisher Tokyo: The Institute of Electronics, Information and Communication Engineers
rights 2017 The Institute of Electronics, Information and Communication Engineers
Copyright Japan Science and Technology Agency 2017
toplevel peer_reviewed
online_resources
oa free_for_read
tpages 9
fulltext fulltext
identifier ISSN: 0916-8508
ispartof IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2017/01/01, Vol.E100.A(1), pp.167-175
issn 0916-8508
1745-1337
language eng
recordid cdi_proquest_miscellaneous_1880008557
source J-STAGE Free
subjects Categories
dynamic analysis
Dynamic tests
Electronics
Estimates
Estimating
Estimation
function estimation
Machine learning
Malware
Mathematical analysis
Mathematical models
risk evaluation
supervised machine learning
title Malware Function Estimation Using API in Initial Behavior
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-16T08%3A34%3A16IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Malware%20Function%20Estimation%20Using%20API%20in%20Initial%20Behavior&rft.jtitle=IEICE%20Transactions%20on%20Fundamentals%20of%20Electronics,%20Communications%20and%20Computer%20Sciences&rft.au=KAWAGUCHI,%20Naoto&rft.date=2017-01-01&rft.volume=E100.A&rft.issue=1&rft.spage=167&rft.epage=175&rft.pages=167-175&rft.issn=0916-8508&rft.eissn=1745-1337&rft_id=info:doi/10.1587/transfun.E100.A.167&rft_dat=%3Cproquest_cross%3E1880008557%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2301833542&rft_id=info:pmid/&rfr_iscdi=true