An information retrieval approach for malware classification based on Windows API calls

Julia Yu Chin Cheng, Tzung Shian Tsai, Chu Sing Yang

Research output: Conference contribution

19 citations (Scopus)

Abstract

Automated malware toolkits allow easy generation of new malicious programs. These new executables carry similar malicious code and exhibit similar malicious behavior on infected hosts. To make malware detection more efficient, deciding whether a sample belongs to a known family or is a new species of malware has become a critical issue in the security industry. In this paper, we propose a new approach to classify malicious executables precisely by applying information retrieval theory. Dynamic analysis of a sample's sequence of Windows API function calls yields the corresponding parameters and values, which are used as input to a standard TF-IDF weighting scheme to identify malware families by their behavioral characteristics. An irrelevance reduction step filters out non-relevant features and improves the accuracy of malware classification. Finally, a similarity measure determines the malware family most similar to the tested samples.
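
The pipeline the abstract sketches (API-call features with parameters, TF-IDF weighting, irrelevance reduction, similarity to known families, with an "unknown" outcome for a new species) is shown below as an added example. It is not the authors' code. The API traces are constructed for illustration, the irrelevance-reduction rule used (drop any feature that appears in every known family) and the 0.3 similarity threshold are my own assumptions, since the abstract does not define them.

```python
"""TF-IDF malware family classification from Windows API call traces.

Added illustration, not code from the paper. Traces are constructed,
not real sample output; the irrelevance-reduction rule and threshold
are assumptions made here.
"""
import math
from collections import Counter, defaultdict

# Constructed traces: each event is (api_name, {logged_param: value}).
FAMILY_TRACES = {
    "Keylogger": [
        [("SetWindowsHookExA", {"idHook": "WH_KEYBOARD_LL"}),
         ("GetAsyncKeyState", {}), ("CreateFileA", {"ext": "log"}),
         ("WriteFile", {}), ("CreateFileA", {"ext": "dll"})],
        [("SetWindowsHookExA", {"idHook": "WH_KEYBOARD_LL"}),
         ("GetAsyncKeyState", {}), ("GetAsyncKeyState", {}),
         ("WriteFile", {}), ("CreateFileA", {"ext": "dll"})],
    ],
    "Downloader": [
        [("InternetOpenA", {}), ("InternetOpenUrlA", {"scheme": "http"}),
         ("InternetReadFile", {}), ("CreateFileA", {"ext": "exe"}),
         ("WriteFile", {}), ("CreateProcessA", {}),
         ("CreateFileA", {"ext": "dll"})],
        [("InternetOpenA", {}), ("InternetOpenUrlA", {"scheme": "http"}),
         ("InternetReadFile", {}), ("WriteFile", {}),
         ("CreateProcessA", {}), ("CreateFileA", {"ext": "dll"})],
    ],
}


def featurize(trace):
    """API name plus its logged parameters as one term, e.g. 'CreateFileA|ext=exe'."""
    return [api + "".join(f"|{k}={v}" for k, v in sorted(params.items()))
            for api, params in trace]


def tfidf_vector(tokens, idf):
    """TF (term count / trace length) times IDF, restricted to the kept vocabulary."""
    counts = Counter(tokens)
    n = len(tokens)
    return {t: (c / n) * idf[t] for t, c in counts.items() if t in idf}


def fit(family_traces):
    """Build IDF weights and one centroid vector per family."""
    docs = [(fam, featurize(tr)) for fam, trs in family_traces.items() for tr in trs]
    df = Counter(t for _, toks in docs for t in set(toks))
    families_of = defaultdict(set)
    for fam, toks in docs:
        for t in set(toks):
            families_of[t].add(fam)
    # Irrelevance reduction (assumed rule): a feature present in every
    # family cannot separate families, so it is dropped from the vocabulary.
    vocab = {t for t, fams in families_of.items() if len(fams) < len(family_traces)}
    idf = {t: math.log(len(docs) / df[t]) for t in vocab}
    centroids = {}
    for fam, trs in family_traces.items():
        acc = defaultdict(float)
        for tr in trs:
            for t, w in tfidf_vector(featurize(tr), idf).items():
                acc[t] += w / len(trs)
        centroids[fam] = dict(acc)
    return idf, centroids


def cosine(a, b):
    """Cosine similarity of two sparse vectors; 0.0 when either is empty."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def classify(trace, idf, centroids, threshold=0.3):
    """Return (family, scores); 'unknown' when no family is similar enough."""
    vec = tfidf_vector(featurize(trace), idf)
    scores = {fam: cosine(vec, c) for fam, c in centroids.items()}
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else "unknown"), scores


if __name__ == "__main__":
    idf, centroids = fit(FAMILY_TRACES)
    sample = [("SetWindowsHookExA", {"idHook": "WH_KEYBOARD_LL"}),
              ("GetAsyncKeyState", {}), ("WriteFile", {})]
    print(classify(sample, idf, centroids))
    novel = [("RegSetValueExA", {}), ("CreateFileA", {"ext": "dll"})]
    print(classify(novel, idf, centroids))
```

The parameter-qualified terms are what separate `CreateFileA` writing a `.log` (keylogger) from `CreateFileA` writing an `.exe` (downloader); with bare API names both families would share most of the vocabulary. A trace whose every feature was removed by irrelevance reduction, or that uses APIs never seen in training, yields an empty vector and is reported as unknown rather than forced into the nearest family.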

Original language: English
Title of host publication: Proceedings - International Conference on Machine Learning and Cybernetics
Publisher: IEEE Computer Society
Pages: 1678-1683
Number of pages: 6
ISBN (electronic): 9781479902576
DOIs
Publication status: Published - 2013
Event: 12th International Conference on Machine Learning and Cybernetics, ICMLC 2013 - Tianjin, China
Duration: 14 July 2013 to 17 July 2013

Publication series

Name: Proceedings - International Conference on Machine Learning and Cybernetics
4
ISSN (print): 2160-133X
ISSN (electronic): 2160-1348

Other

Other: 12th International Conference on Machine Learning and Cybernetics, ICMLC 2013
Country/Territory: China
City: Tianjin
Period: 14 July 2013 to 17 July 2013

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computational Theory and Mathematics
  • Computer Networks and Communications
  • Human-Computer Interaction
