Malware Classification Methods Using API Sequence Characteristics

  • Conference paper
Proceedings of the International Conference on IT Convergence and Security 2011

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 120))

Abstract

Malware is generated by attackers to gain profits, and it infects many users’ computers. As a result, attackers can acquire private information such as login IDs, passwords, e-mail addresses, cell-phone numbers and banking account numbers from infected machines. Moreover, infected machines can be used for other cyber-attacks such as DDoS attacks, spam e-mail transmissions, and so on. The number of new malware samples discovered every day is increasing continuously because automated tools allow attackers to generate new malware or variants of existing malware easily. Therefore, a rapid malware analysis method is required in order to mitigate the infection rate and the secondary damage to users. In this paper, we propose a malware variant classification method based on the sequential characteristics of the APIs a sample uses, and we describe experimental results obtained with a set of malware samples.

Acknowledgements

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MEST) (No. 20110029924).

Corresponding author

Correspondence to Eul Gyu Im.

Copyright information

© 2012 Springer Science+Business Media B.V.

Cite this paper

Han, KS., Kim, IK., Im, E.G. (2012). Malware Classification Methods Using API Sequence Characteristics. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_60

  • DOI: https://doi.org/10.1007/978-94-007-2911-7_60

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-2910-0

  • Online ISBN: 978-94-007-2911-7
