DocumentCode :
3095240
Title :
Malware Function Classification Using APIs in Initial Behavior
Author :
Kawaguchi, Naoto ; Omote, Kazumasa
Author_Institution :
Sch. of Inf. Sci., Japan Adv. Inst. of Sci. & Technol., Ishikawa, Japan
fYear :
2015
fDate :
24-26 May 2015
Firstpage :
138
Lastpage :
144
Abstract :
Malware proliferation has become a serious threat to the Internet in recent years. Most of the current malware are subspecies of existing malware that have been automatically generated by illegal tools. To conduct an efficient analysis of malware, estimating their functions in advance is effective when we prioritize what to analyze. However, estimating malware functions has been difficult due to the increasing sophistication of malware. Although various approaches for malware detection and classification have been considered, the classification accuracy is still low. In this paper, we propose a new classification method which estimates malware's functions from APIs observed by dynamic analysis on a host. We examine whether the proposed method can correctly classify unknown malware based on function by machine learning. The results show that our new method can classify each malware's function with an average accuracy of 83.4%.
Keywords :
Internet; invasive software; learning (artificial intelligence); pattern classification; API; Internet; dynamic analysis; efficient malware analysis; illegal tools; initial behavior; machine learning; malware detection; malware function classification; malware proliferation; Accuracy; Data mining; Feature extraction; Machine learning algorithms; Malware; Software; Support vector machines; machine learning; malware classification;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on
Conference_Location :
Kaohsiung
Type :
conf
DOI :
10.1109/AsiaJCIS.2015.15
Filename :
7153948