Improvement of malware detection and classification using API call sequence alignment and visualization

Cluster Computing

Abstract

Conventional malware detection technologies are limited because recent malware uses a variety of evasion techniques, such as obfuscation, packing, anti-virtualization, anti-emulation and encapsulation, to avoid detection. To overcome this limitation, new detection technology is needed that can quickly analyze large volumes of malware and its variants and enable a rapid response to cyber intrusions. In this paper we therefore propose a malware detection and classification method, and the implementation of our system, based on dynamic analysis of the behavioral sequence of malware (its API call sequence) and a multiple sequence alignment (MSA) algorithm. We also evaluate the effectiveness of the proposed method experimentally.
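The core step the abstract sketches, aligning API call sequences and scoring how well they match, shown as an added illustration that is not the paper's code: a pairwise Needleman-Wunsch global alignment over API-name tokens (the pairwise building block that multiple sequence alignment tools such as ClustalW extend to many sequences), with the alignment score normalised to a similarity and used to assign an unknown trace to the closest known family or to "unknown" when nothing aligns well. The API names, family traces, scoring constants and threshold are constructed assumptions for the example; real traces would come from a sandbox run.

```python
"""Pairwise alignment of API call sequences (Needleman-Wunsch).

Added example; not the paper's implementation. All traces below are
constructed toy data.
"""
from typing import Dict, List, Optional, Tuple

# Scoring constants (assumed for the example): reward a matching API name,
# penalise a substitution, penalise an inserted/deleted call.
MATCH, MISMATCH, GAP = 2, -1, -1


def align(a: List[str], b: List[str]) -> Tuple[int, List[Tuple[str, str]]]:
    """Global alignment of two token sequences.

    Returns (score, columns). Each column pairs one token from `a` with one
    from `b`; the string '-' marks a gap. Tokens are compared as whole API
    names, so 'CreateFileW' vs 'CreateFileA' is a mismatch, not a near-match.
    """
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    move: List[List[Optional[str]]] = [[None] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):          # leading gaps against b
        score[i][0] = i * GAP
        move[i][0] = "up"
    for j in range(1, m + 1):          # leading gaps against a
        score[0][j] = j * GAP
        move[0][j] = "left"
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            diag = score[i - 1][j - 1] + (MATCH if a[i - 1] == b[j - 1] else MISMATCH)
            up = score[i - 1][j] + GAP      # consume a[i-1], gap in b
            left = score[i][j - 1] + GAP    # consume b[j-1], gap in a
            best = max(diag, up, left)
            score[i][j] = best
            move[i][j] = "diag" if best == diag else ("up" if best == up else "left")
    # Trace the optimal path back from the bottom-right cell.
    i, j, cols = n, m, []
    while i > 0 or j > 0:
        step = move[i][j]
        if step == "diag":
            cols.append((a[i - 1], b[j - 1])); i -= 1; j -= 1
        elif step == "up":
            cols.append((a[i - 1], "-")); i -= 1
        else:
            cols.append(("-", b[j - 1])); j -= 1
    cols.reverse()
    return score[n][m], cols


def similarity(a: List[str], b: List[str]) -> float:
    """Alignment score scaled to [0, 1] by the best achievable score
    (every position of the longer sequence matching); negative scores clamp to 0."""
    best_possible = MATCH * max(len(a), len(b))
    if best_possible == 0:
        return 1.0
    s, _ = align(a, b)
    return max(0.0, s / best_possible)


def classify(sample: List[str], families: Dict[str, List[List[str]]],
             threshold: float = 0.5) -> Tuple[str, float]:
    """Nearest-reference classification: the family whose reference trace
    aligns best wins, unless no trace reaches `threshold` similarity."""
    best_family, best_sim = "unknown", 0.0
    for family, refs in families.items():
        for ref in refs:
            s = similarity(sample, ref)
            if s > best_sim:
                best_family, best_sim = family, s
    return (best_family, best_sim) if best_sim >= threshold else ("unknown", best_sim)


# Constructed reference traces per family (not real sandbox output).
FAMILIES: Dict[str, List[List[str]]] = {
    "dropper": [["CreateFileW", "WriteFile", "CreateProcessW", "ExitProcess"]],
    "keylogger": [["SetWindowsHookExW", "GetAsyncKeyState", "WriteFile",
                   "InternetOpenW", "HttpSendRequestW"]],
}
# Constructed unknown sample: a dropper variant with one extra noise call.
SAMPLE = ["CreateFileW", "WriteFile", "Sleep", "CreateProcessW", "ExitProcess"]
# Constructed trace with no calls in common with either family.
BENIGN = ["GetSystemTimeAsFileTime", "HeapAlloc", "HeapFree"]

if __name__ == "__main__":
    s, cols = align(SAMPLE, FAMILIES["dropper"][0])
    print("score", s)
    for x, y in cols:
        print(f"{x:<24} {y}")
    print(classify(SAMPLE, FAMILIES))
    print(classify(BENIGN, FAMILIES))
```

The inserted `Sleep` call is absorbed as a single gap, so the variant still scores 0.7 against its family, while a trace sharing no calls clamps to 0 and falls through to "unknown". A threshold and gap penalty tuned on labelled traces, rather than the constants assumed here, is what separates a useful classifier from one that either misses variants or labels unrelated programs as malware.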



Acknowledgements

This work was supported by Institute for Information and communications Technology Promotion (IITP) Grant funded by the Korea Government (MSIP) (No. 2016-0-00078, Cloud-based Security Intelligence Technology Development for the Customized Security Service Provisioning).


Corresponding authors

Correspondence to Kuinam J. Kim or Hyuncheol Kim.


About this article


Cite this article

Kim, H., Kim, J., Kim, Y. et al. Improvement of malware detection and classification using API call sequence alignment and visualization. Cluster Comput 22 (Suppl 1), 921–929 (2019). https://doi.org/10.1007/s10586-017-1110-2


  • DOI: https://doi.org/10.1007/s10586-017-1110-2
