• DocumentCode
    2486813
  • Title

    Browser function calls modeling for banking malware detection

  • Author

    García-Cervigón, Manuel ; Llinàs, Manel Medina

  • Author_Institution
    Comput. Networks & Distrib. Syst. (CNDS), Univ. Politec. de Catalunya, Barcelona, Spain
  • fYear
    2012
  • fDate
    10-12 Oct. 2012
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    Financial service providers are moving many services on-line to reduce their costs and facilitate customers' interaction. Criminals have quickly found several ways to exploit multiple vulnerabilities to perpetrate attacks. Traditional signature-based detection methods are nowadays easily circumvented due to the amount of new malware samples and the use of sophisticated evasion techniques. The contribution of this paper is twofold. First, we developed a new detection system based on the modeling of the browser execution behavior within an isolated environment. Second, we analyse the results of our system over a set of malware samples. Financial institutions are now playing an important role against malware that specifically affects their customers by deploying their own detection tools. However, most approaches tend to rely on the malware sample itself in order to deploy useless signatures or perform time-consuming reverse engineering methods to understand malware actions, so our work aims to help them to be more proactive, implementing tools to protect themselves from new threats.
  • Keywords
    banking; invasive software; online front-ends; banking malware detection; browser execution behavior modelling; browser function calls modeling; detection system; financial institutions; financial service providers; Banking; Browsers; Instruments; Radiation detectors; Training; Trojan horses; anomaly detection; malware; man-in-the-browser;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on
  • Conference_Location
    Cork
  • Print_ISBN
    978-1-4673-3087-9
  • Electronic_ISBN
    978-1-4673-3088-6
  • Type

    conf

  • DOI
    10.1109/CRISIS.2012.6378950
  • Filename
    6378950