BROWSE
Detail
Journal Article
Feature-Chain Based Malware Detection Using Multiple Sequence Alignment of API Call
Cited 6 time in 
Share 
Share
- Authors
- Hyun-Joo KIM, Jong-Hyun KIM, Jung-Tai KIM, Ik-Kyun KIM, Tai-Myung CHUNG
- Issue Date
- 2016-04
- Citation
- IEICE Transactions on Information and Systems, v.E99.D, no.4, pp.1071-1080
- ISSN
- 1745-1361
- Publisher
- 일본, 전자정보통신학회 (IEICE)
- Language
- English
- Type
- Journal Article
- Abstract
- The recent cyber-attacks utilize various malware as a means of attacks for the attacker's malicious purposes. They are aimed to steal confidential information or seize control over major facilities after infiltrating the network of a target organization. Attackers generally create new malware or many different types of malware by using an automatic malware creation tool which enables remote control over a target system easily and disturbs trace-back of these attacks. The paper proposes a generation method of malware behavior patterns as well as the detection techniques in order to detect the known and even unknown malware efficiently. The behavior patterns of malware are generated with Multiple Sequence Alignment (MSA) of API call sequences of malware. Consequently, we defined these behavior patterns as a "feature-chain" of malware for the analytical purpose. The initial generation of the feature-chain consists of extracting API call sequences with API hooking library, classifying malware samples by the similar behavior, and making the representative sequences from the MSA results. The detection mechanism of numerous malware is performed by measuring similarity between API call sequence of a target process (suspicious executables) and feature-chain of malware. By comparing with other existing methods, we proved the effectiveness of our proposed method based on Longest Common Subsequence (LCS) algorithm. Also we evaluated that our method outperforms other antivirus systems with 2.55 times in detection rate and 1.33 times in accuracy rate for malware detection.
- KSP Keywords
- API call sequence, API hooking, Accuracy Rate, Behavior pattern, Cyber attacks, Longest Common Subsequence, Malware detection, Multiple sequence alignment(MSA), Trace-back, chain based, confidential information