Abstract
Attackers create malware for profit, and it infects many users' computers. As a result, attackers can acquire private information such as login IDs, passwords, e-mail addresses, cell-phone numbers and bank account numbers from infected machines. Moreover, infected machines can be used for other cyber-attacks such as DDoS attacks and spam e-mail transmission. The number of new malware samples discovered every day is increasing continuously because automated tools allow attackers to generate new malware or variants easily. Therefore, a rapid malware analysis method is required in order to reduce the infection rate and secondary damage to users. In this paper, we propose a malware variant classification method using the sequential characteristics of the APIs used, and describe experimental results with some malware samples.
Acknowledgements
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MEST) (No. 20110029924).
Copyright information
© 2012 Springer Science+Business Media B.V.
About this paper
Cite this paper
Han, KS., Kim, IK., Im, E.G. (2012). Malware Classification Methods Using API Sequence Characteristics. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_60
DOI: https://doi.org/10.1007/978-94-007-2911-7_60
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-2910-0
Online ISBN: 978-94-007-2911-7
eBook Packages: Engineering, Engineering (R0)