
Detection of Malicious Executable Files Based on Clustering of Activities

Published in: Automatic Control and Computer Sciences

Abstract

The application of classification algorithms to malware detection is studied. The features used for classification are activity classes obtained by clustering sequences of WinAPI function calls. The following classification algorithms are considered: gradient boosting, adaptive boosting, linear regression, and random forest. To evaluate the resulting classifiers, the following metrics were employed: accuracy, F1 measure, area under the ROC curve, and training time.




Funding

The work was supported by the State Assignment for Fundamental Studies (project no. 0784-2020-0026).

Author information

Correspondence to E. V. Zhukovskii or D. P. Zegzhda.

Ethics declarations

The authors declare that they have no conflicts of interest.

Additional information

Translated by A. Muravev

About this article


Cite this article

Ognev, R.A., Zhukovskii, E.V. & Zegzhda, D.P. Detection of Malicious Executable Files Based on Clustering of Activities. Aut. Control Comp. Sci. 55, 1092–1098 (2021). https://doi.org/10.3103/S0146411621080228
