
Authors: Muhammad Ali (1); Monem Hamid (1); Jacob Jasser (1); Joachim Lerman (1); Samod Shetty (1); Fabio Di Troia (2)

Affiliations: (1) Department of Computer Engineering, San Jose State University, San Jose, CA, U.S.A.; (2) Department of Computer Science, San Jose State University, San Jose, CA, U.S.A.

Keyword(s): PHMM, Malware Detection, Malware Obfuscation, API Calls, Dynamic Detection, Machine Learning.

Abstract: Profile Hidden Markov Models (PHMM) have been used to detect malware samples based on their behavior on the host system and have obtained promising results. Since PHMMs are a novel way of categorizing malware and there is limited research on such a detection method, there is no data on the impact that certain obfuscation techniques have on PHMMs. An obfuscation tool that could weaken PHMM-based detection has not yet been proposed. Our novel approach is based on applying PHMM detection by training the machine learning models on API calls that are dynamically extracted from the malware samples, and then attempting to elude detection by the same models using obfuscation techniques. Hence, in our paper, we created a PHMM model trained on API call sequences extracted by running malware in a sandbox, then we tried to undermine the detection effectiveness by applying different state-of-the-art API obfuscation techniques to the malware. By implementing sophisticated API call obfuscation techniques, we were able to reduce the PHMM detection rate from 1.0, without API call obfuscation, to 0.68.
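The abstract describes the pipeline only at a high level: build a profile HMM from aligned API-call traces, score new traces against it, then see how API-call obfuscation moves the score. The following is an added, self-contained illustration of that pipeline; it is not the authors' code, and nothing in it reproduces the paper's models, dataset or reported 1.0 to 0.68 figures. All traces are constructed by hand, the "alignment" is hand-gapped, the alphabet of API names is invented for the example, and the obfuscation shown (inserting a harmless API call after every real one) is one illustrative technique chosen here, not necessarily one the paper evaluated. The model is a standard match/insert/delete profile HMM in the style of Durbin et al., with pseudocount smoothing and a uniform background, scored by Viterbi log-odds; a trace is flagged as malware when its log-odds reaches a threshold (0 here, i.e. the profile explains the trace better than background).

```python
"""Toy profile HMM (PHMM) detector over API-call sequences, plus a junk-call
obfuscation that lowers its score.  Added illustration, not the paper's code;
every trace below is constructed by hand."""
import math

NEG_INF = float("-inf")
GAP = "-"

# Constructed API-call alphabet (the "residues" the profile emits).
ALPHABET = ["VirtualAlloc", "CreateFileW", "WriteFile", "RegSetValueExW",
            "CreateProcessW", "Sleep", "GetTickCount", "CloseHandle"]

# Constructed, hand-gapped alignment of sandbox API traces from four malware samples.
# Columns gapped in at least half the rows become insert states; the rest, match states.
ALIGNED_MALWARE_TRACES = [
    ["VirtualAlloc", "CreateFileW", "WriteFile", GAP,            "RegSetValueExW", "CreateProcessW"],
    ["VirtualAlloc", "CreateFileW", "WriteFile", "GetTickCount", GAP,              "CreateProcessW"],
    ["VirtualAlloc", GAP,           "WriteFile", GAP,            "RegSetValueExW", "CreateProcessW"],
    ["VirtualAlloc", "CreateFileW", "WriteFile", GAP,            "RegSetValueExW", GAP],
]


class ProfileHMM:
    """Match/insert/delete profile HMM built from a gapped alignment (Durbin et al. style)."""

    def __init__(self, alignment, alphabet, gap_threshold=0.5, pseudo=1.0):
        rows, ncols = len(alignment), len(alignment[0])
        match_cols = {c for c in range(ncols)
                      if sum(r[c] == GAP for r in alignment) / rows < gap_threshold}
        self.L = len(match_cols)                       # number of match states
        self.bg = math.log(1.0 / len(alphabet))        # uniform background = insert emission
        emit = [{a: pseudo for a in alphabet} for _ in range(self.L + 1)]   # emit[k] is M_k
        trans = {(k, s): {"M": pseudo, "I": pseudo, "D": pseudo}
                 for k in range(self.L + 1) for s in "MID"}
        for s in "MID":
            trans[(self.L, s)]["D"] = 0.0              # no delete state after the last match
        for row in alignment:                          # count the state path each row implies
            k, state = 0, "M"                          # M_0 is the begin state
            for c, sym in enumerate(row):
                if c in match_cols:
                    nxt = "D" if sym == GAP else "M"
                    trans[(k, state)][nxt] += 1
                    k += 1
                    if nxt == "M":
                        emit[k][sym] += 1
                    state = nxt
                elif sym != GAP:                       # a call in an insert column -> I_k
                    trans[(k, state)]["I"] += 1
                    state = "I"
            trans[(k, state)]["M"] += 1                # final state -> end
        self.log_emit = [{a: math.log(e[a] / sum(e.values())) for a in alphabet} for e in emit]
        self.log_trans = {key: {t: (math.log(v / sum(d.values())) if v > 0 else NEG_INF)
                                for t, v in d.items()} for key, d in trans.items()}

    def log_odds(self, seq):
        """Viterbi log-odds of seq under the profile versus the uniform background."""
        L, n, lt = self.L, len(seq), self.log_trans
        VM = [[NEG_INF] * (n + 1) for _ in range(L + 1)]
        VI = [[NEG_INF] * (n + 1) for _ in range(L + 1)]
        VD = [[NEG_INF] * (n + 1) for _ in range(L + 1)]
        VM[0][0] = 0.0
        for j in range(L + 1):
            for i in range(n + 1):
                if j > 0 and i > 0:                    # M_j emits seq[i-1]
                    e = self.log_emit[j].get(seq[i - 1], self.bg) - self.bg
                    VM[j][i] = e + max(VM[j - 1][i - 1] + lt[(j - 1, "M")]["M"],
                                       VI[j - 1][i - 1] + lt[(j - 1, "I")]["M"],
                                       VD[j - 1][i - 1] + lt[(j - 1, "D")]["M"])
                if j > 0:                              # D_j consumes no symbol
                    VD[j][i] = max(VM[j - 1][i] + lt[(j - 1, "M")]["D"],
                                   VI[j - 1][i] + lt[(j - 1, "I")]["D"],
                                   VD[j - 1][i] + lt[(j - 1, "D")]["D"])
                if i > 0:                              # I_j emits at background odds (0)
                    VI[j][i] = max(VM[j][i - 1] + lt[(j, "M")]["I"],
                                   VI[j][i - 1] + lt[(j, "I")]["I"],
                                   VD[j][i - 1] + lt[(j, "D")]["I"])
        return max(VM[L][n] + lt[(L, "M")]["M"],
                   VI[L][n] + lt[(L, "I")]["M"],
                   VD[L][n] + lt[(L, "D")]["M"])


def inject_junk_calls(trace, junk=("Sleep", "GetTickCount", "CloseHandle")):
    """Illustrative obfuscation: a behaviour-neutral API call after every real one."""
    out = []
    for i, call in enumerate(trace):
        out += [call, junk[i % len(junk)]]
    return out


def detection_rate(model, traces, threshold=0.0):
    """Fraction of traces whose log-odds reaches the threshold (flagged as malware)."""
    return sum(model.log_odds(t) >= threshold for t in traces) / len(traces)


def run_experiment():
    """Detection rate on the clean traces and on their junk-call-obfuscated versions."""
    model = ProfileHMM(ALIGNED_MALWARE_TRACES, ALPHABET)
    clean = [[c for c in row if c != GAP] for row in ALIGNED_MALWARE_TRACES]
    obfuscated = [inject_junk_calls(t) for t in clean]
    return detection_rate(model, clean), detection_rate(model, obfuscated)


if __name__ == "__main__":
    clean_rate, obf_rate = run_experiment()
    print(f"detection rate: clean={clean_rate:.2f} obfuscated={obf_rate:.2f}")
```

On this toy profile the clean traces all score above 0 and every obfuscated trace falls below it, because each junk call has to be absorbed by an insert state whose transitions cost far more than the match-to-match path, so the toy rate drops from 1.0 to 0.0; the paper's 0.68 comes from real sandbox data and stronger models, not from this construction. Two practitioner caveats follow directly from the code: the score depends on the threshold, so a detector tuned on unobfuscated traces will be the one most hurt by insertion, and a learned (rather than uniform) insert-state emission distribution, or retraining on obfuscated samples, is the natural defensive counter.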

CC BY-NC-ND 4.0


Paper citation in several formats:
Ali, M.; Hamid, M.; Jasser, J.; Lerman, J.; Shetty, S. and Di Troia, F. (2022). Profile Hidden Markov Model Malware Detection and API Call Obfuscation. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - ForSE; ISBN 978-989-758-553-1; ISSN 2184-4356, SciTePress, pages 688-695. DOI: 10.5220/0011005800003120

@conference{forse22,
author={Muhammad Ali and Monem Hamid and Jacob Jasser and Joachim Lerman and Samod Shetty and Fabio {Di Troia}},
title={Profile Hidden Markov Model Malware Detection and API Call Obfuscation},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - ForSE},
year={2022},
pages={688-695},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011005800003120},
isbn={978-989-758-553-1},
issn={2184-4356},
}

TY - CONF
JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - ForSE
TI - Profile Hidden Markov Model Malware Detection and API Call Obfuscation
SN - 978-989-758-553-1
IS - 2184-4356
AU - Ali, M.
AU - Hamid, M.
AU - Jasser, J.
AU - Lerman, J.
AU - Shetty, S.
AU - Di Troia, F.
PY - 2022
SP - 688
EP - 695
DO - 10.5220/0011005800003120
PB - SciTePress