
A Malware Detection Algorithm Based on Multi-view Fusion

  • Conference paper
Neural Information Processing. Models and Applications (ICONIP 2010)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 6444)


Abstract

Malicious code is one of the major problems in information assurance. To detect it, many existing run-time intrusion and malware detection techniques use the information available in Application Programming Interface (API) call sequences to discriminate between benign and malicious processes. Although considerable progress has been made, recent results in ensemble learning make it possible to design better malware detection algorithms. This paper presents a novel approach to detecting malware from API call sequences. Based on the observation that the API call sequence of a program shows locality when it performs network, file I/O and other operations, we first divide the API call sequence of a sample into seven subsequences and then use each subsequence to build a classification model. After these models have classified a sample, their outputs are combined with the Behavior-Knowledge Space (BKS) method, and the fused result is used to label the sample as malicious or not. Experiments show that our algorithm can detect known malware effectively.
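The pipeline the abstract describes (split a trace into per-operation-type views, classify each view separately, fuse the per-view decisions through a BKS table) is shown below as an added, runnable example. It is not the authors' code and the page publishes no implementation; it assumes four views instead of the paper's seven, a naive Bayes classifier over API-call bigrams as the per-view model (the paper does not say which base classifier it uses), a majority-vote fallback for decision combinations absent from the BKS table, and a handful of constructed toy traces in place of a real corpus.

```python
"""Multi-view API-call malware detection with BKS fusion (assumed design)."""
import math
from collections import Counter, defaultdict

# Assumed view assignment (the paper uses seven views; four suffice here).
# APIs absent from the map, e.g. CloseHandle, are dropped from every view.
API_VIEW = {
    "socket": "network", "connect": "network", "send": "network", "recv": "network",
    "InternetOpenUrl": "network",
    "CreateFile": "file", "ReadFile": "file", "WriteFile": "file", "CopyFile": "file",
    "RegOpenKey": "registry", "RegQueryValue": "registry", "RegSetValue": "registry",
    "OpenProcess": "process", "VirtualAllocEx": "process",
    "WriteProcessMemory": "process", "CreateRemoteThread": "process",
}
VIEWS = ("network", "file", "registry", "process")


def split_views(trace):
    """Split one API call trace into per-view subsequences, keeping call order."""
    views = {v: [] for v in VIEWS}
    for api in trace:
        view = API_VIEW.get(api)
        if view is not None:
            views[view].append(api)
    return views


def bigrams(seq):
    return list(zip(seq, seq[1:]))


class BigramNB:
    """Per-view model: multinomial naive Bayes over API-call bigrams (assumed)."""

    def __init__(self):
        self.counts = {0: Counter(), 1: Counter()}  # bigram counts per class
        self.total = {0: 0, 1: 0}                   # bigram totals per class
        self.docs = {0: 0, 1: 0}                    # traces seen per class
        self.vocab = set()

    def fit(self, seqs, labels):
        for seq, y in zip(seqs, labels):
            self.docs[y] += 1
            for g in bigrams(seq):
                self.counts[y][g] += 1
                self.total[y] += 1
                self.vocab.add(g)
        return self

    def predict(self, seq):
        """1 = malicious, 0 = benign. An empty view carries no evidence, so it
        reduces to the class prior; ties resolve to benign."""
        V = len(self.vocab) + 1  # +1 reserves probability mass for unseen bigrams
        n = self.docs[0] + self.docs[1]
        score = {}
        for y in (0, 1):
            s = math.log((self.docs[y] + 1) / (n + 2))
            for g in bigrams(seq):
                s += math.log((self.counts[y][g] + 1) / (self.total[y] + V))
            score[y] = s
        return 1 if score[1] > score[0] else 0


class BKS:
    """Behavior-Knowledge Space: a table indexed by the tuple of per-view
    decisions, recording how often each true label landed in that cell."""

    def __init__(self):
        self.table = defaultdict(Counter)

    def fit(self, decisions, labels):
        for d, y in zip(decisions, labels):
            self.table[d][y] += 1
        return self

    def predict(self, d):
        cell = self.table.get(d)
        if not cell:
            # Unseen combination (BKS proper would reject or threshold here);
            # assumed fallback: majority vote, ties resolved to malicious.
            return int(2 * sum(d) >= len(d))
        return cell.most_common(1)[0][0]


class MultiViewDetector:
    def __init__(self):
        self.models = {v: BigramNB() for v in VIEWS}
        self.bks = BKS()

    def fit(self, traces, labels):
        per_view = [split_views(t) for t in traces]
        for v in VIEWS:
            self.models[v].fit([pv[v] for pv in per_view], labels)
        # Filling the BKS table from the same traces that trained the views is
        # optimistic; use a held-out split in practice.
        self.bks.fit([self.view_decisions(t) for t in traces], labels)
        return self

    def view_decisions(self, trace):
        pv = split_views(trace)
        return tuple(self.models[v].predict(pv[v]) for v in VIEWS)

    def predict(self, trace):
        return self.bks.predict(self.view_decisions(trace))


# Constructed toy traces, not real samples: 1 = malicious, 0 = benign.
TRAIN = [
    (["CreateFile", "ReadFile", "ReadFile", "WriteFile", "CloseHandle"], 0),
    (["RegOpenKey", "RegQueryValue", "CreateFile", "ReadFile", "CloseHandle"], 0),
    (["InternetOpenUrl", "recv", "recv", "CreateFile", "WriteFile", "CloseHandle"], 0),
    (["socket", "connect", "send", "recv", "RegOpenKey", "RegSetValue", "CreateFile", "WriteFile"], 1),
    (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "socket", "connect", "send"], 1),
    (["CreateFile", "WriteFile", "CopyFile", "RegOpenKey", "RegSetValue", "socket", "connect", "send"], 1),
]
SAMPLES = {  # constructed query traces
    "c2_dropper": ["socket", "connect", "send", "CreateFile", "WriteFile", "RegOpenKey", "RegSetValue"],
    "updater": ["InternetOpenUrl", "recv", "CreateFile", "WriteFile"],
    "injector": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "RegOpenKey", "RegSetValue"],
}


def build_detector():
    traces, labels = zip(*TRAIN)
    return MultiViewDetector().fit(list(traces), list(labels))


def classify_samples():
    """Map sample name -> (per-view decision tuple, fused label)."""
    det = build_detector()
    return {k: (det.view_decisions(t), det.predict(t)) for k, t in SAMPLES.items()}


if __name__ == "__main__":
    for name, (decisions, label) in classify_samples().items():
        print(f"{name:11s} views={decisions} -> {label}")
```

On the toy data the "updater" trace gets a malicious vote from the file view alone (CreateFile followed by WriteFile also appears in the malicious traces), yet the BKS cell for that decision pattern was only ever populated by benign training traces, so fusion labels it benign; the "injector" trace hits a decision combination never seen in training, which is exactly the case a BKS deployment has to decide how to handle (reject, threshold, or fall back to a vote as done here).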

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Guo, S., Yuan, Q., Lin, F., Wang, F., Ban, T. (2010). A Malware Detection Algorithm Based on Multi-view Fusion. In: Wong, K.W., Mendis, B.S.U., Bouzerdoum, A. (eds) Neural Information Processing. Models and Applications. ICONIP 2010. Lecture Notes in Computer Science, vol 6444. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17534-3_32

  • DOI: https://doi.org/10.1007/978-3-642-17534-3_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17533-6

  • Online ISBN: 978-3-642-17534-3
