Zero-day malware detection based on supervised learning algorithms of API call signatures

Conferences in Research and Practice in Information Technology Series

Volumn 121, Issue , 2010, Pages 171-182

  Alazab, Mamoun ^a   Venkatraman, Sitalakshmi ^a   Watters, Paul ^a   Alazab, Moutaz ^b  

^a UNIVERSITY OF BALLARAT   (Australia)

^b DEAKIN UNIVERSITY   (Australia)

Author keywords

API; Intrusion detection; Malware; Obfuscation

Indexed keywords

API; API CALLS; AUTOMATED DATA MINING; AUTOMATED TOOLS; BACK PROPAGATION NEURAL NETWORKS; CODE OBFUSCATION; DATA MINING ALGORITHM; DATA MINING FRAMEWORKS; DATA MINING TECHNIQUES; EXPERIMENTAL ANALYSIS; EXPERIMENTAL INVESTIGATIONS; FALSE POSITIVE; K NEAREST NEIGHBOR ALGORITHM; LARGE DATASETS; MALWARE DETECTION; MALWARES; NOVEL TECHNIQUES; OBFUSCATION; RADIAL BASIS FUNCTIONS; SEQUENTIAL MINIMAL OPTIMIZATION ALGORITHMS; TRUE POSITIVE RATES;

COMPUTER CRIME; DECISION TREES; INFORMATION TECHNOLOGY; INTRUSION DETECTION; LEARNING ALGORITHMS; NEURAL NETWORKS; OPTIMIZATION; RADIAL BASIS FUNCTION NETWORKS; RESEARCH;

DATA MINING;

EID: 84870509534     PISSN: 14451336     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Article

References (39)

1. Alazab, M 2010, 'Static Analysis of Obfuscated Malware', in Annual Research Conference, Ballarat, p. 17.
2. Alazab, M, Layton, R, Venkatraman, S & Watters, P 2010, 'Malware Detection Based on Structural and Behavioural Features of API calls', in the 1st International Cyber Resilience Conference, Perth Western Australia, pp. 1-10.
3. Alazab, M, Venkatraman, S & Watters, P 2009, 'Effective digital forensic analysis of the NTFS disk image', Ubiquitous Computing and Communication Journal, vol. 4, no. 1, pp. 551- 8.
4. Alazab, M, Venkatraman, S & Watters, P 2010, 'Towards Understanding Malware Behaviour by the Extraction of API Calls', in Cybercrime and Trustworthy Computing, Workshop, Ballarat, pp. 52-9.
5. Bhattacharyya, S.; Jha, S.; Tharakunnel, K.; Westland, J.C. 2011 'Data mining for credit card fraud: A comparative study', Decision Support Systems, vol. 50, Issue 3, pp. 602-613
6. Bruschi, D, Martignoni, L & Monga, M 2006, 'Detecting Self-mutating Malware Using Control-Flow Graph Matching', in R Büschkes & P Laskov (eds), Detection of Intrusions and Malware & Vulnerability Assessment, Springer Berlin / Heidelberg, vol. 4064, pp. 129-43.
7. Chang, H & Atallah, M 2002, 'Protecting Software Code by Guards', in T Sander (ed.), Security and Privacy in Digital Rights Management, Springer Berlin / Heidelberg, vol. 2320, pp. 125-41.
8. Choi, S, Park, H, Lim, H-i & Han, T 2009, 'A static API birthmark for Windows binary executables', Journal of Systems and Software, vol. 82, no. 5, pp. 862-73.
9. Ferrie, P & Szor, P 2001, 'Zmist opportunities', Virus Bulletin, pp. 6-7.
10. Frawley, W, Piatetsky-shapiro, G & Matheus, C 1992, 'Knowledge discovery in databases: An overview', Al Magazine, vol. 13, no. 3, pp. 213-28.
11. Hand, DJ, Mannila, H & Smyth, P 2001, Principles of data mining, The MIT press
12. Kolter, JZ & Maloof, MA 2006, 'Learning to Detect and Classify Malicious Executables in the Wild', J. Mach. Learn. Res., vol. 7, pp. 2721-44.
13. Kuncheva, LI 2006, 'On the optimality of NaIve Bayes with dependent binary features', Pattern Recognition Letters, vol. 27, no. 7, pp. 830-7.
14. Linn, C & Debray, S 2003, 'Obfuscation of executable code to improve resistance to static disassembly', in 10th ACM conference on Computer and communications security Washington, DC, USA, pp. 290-9.
15. Malan, DJ & Smith, MD 2005, 'Host-based detection of worms through peer-to-peer cooperation', paper presented to Proceedings of the 2005 ACM workshop on Rapid malcode, Fairfax, VA, USA
16. MetaPHOR 2010, W32.Simile, Symantec Enterprise Security,.
17. Park, H, Choi, S, Lim, H-i & Han, T 2008a, 'Detecting code theft via a static instruction trace birthmark for Java methods', in International Conference on Industrial Informatics, Daejeon pp. 551-6.
18. Park, H, Choi, S, Lim, H-I & Han, T 2008b, 'Detecting Java Theft Based on Static API Trace Birthmark', in K Matsuura & E Fujisaki (eds), Advances in Information and Computer Security, Springer Berlin / Heidelberg, vol. 5312, pp. 121-35.
19. Perriot, F & Ferrie, P 2004, 'Principles and practise of xraying', in Virus Bulletin Conference pp. 1- 17.
20. Rabek, JC, Khazan, RI, Lewandowski, SM & Cunningham, RK 2003, 'Detection of injected, dynamically generated, and obfuscated malicious code', paper presented to Proceedings of the 2003 ACM workshop on Rapid malcode, Washington, DC, USA
21. RSA 2011, 'The Current State of Cybercrime and What to Expect in 2011', RSA 2011 cybercrime trends report
22. Santos, I, Penya, YK, Devesa, J & Bringas, P 2009, 'Ngrams-based file signatures for malware detection', in pp. 317-20.
23. Shankarapani, M, Kancherla, K, Ramammoorthy, S, Movva, R & Mukkamala, S 2010, 'Kernel machines for malware classification and similarity analysis', in The 2010 International Joint Conference on Neural Networks, Barcelona pp. 1-6.
24. Sharif, M, Yegneswaran, V, Saidi, H, Porras, P & Lee, W 2008, 'Eureka: A Framework for Enabling Static Malware Analysis', in S Jajodia & J Lopez (eds), Computer Security - ESORICS 2008, Springer Berlin / Heidelberg, vol. 5283, pp. 481-500.
25. Stolfo, S, Wang, K & Li, W-j 2005, 'Fileprints: Identifying File Types by n-gram Analysis', in IEEE Workshop on Information Assurance United States Military Academy, West Point, NY
26. Sung, AH, Xu, J, Chavez, P & Mukkamala, S 2004, 'Static analyzer of vicious executables (SAVE)', in 20th Annual Computer Security Applications Conference,, Tucson, AZ, USA, pp. 326-34.
27. Symantec Enterprise Security 1997, 'Understanding Heuristics: Symantec's Bloodhound Technolog', Virus Bulletin, vol. XXXIV.
28. Symantec Enterprise Security 2009, 'Symantec Global Internet Security Threat Report Trends for 2008', Symantec Enterprise Security, vol. XIV.
29. Symantec Enterprise Security 2010, 'Symantec Internet Security Threat Report: Trends for 2009', Symantec Enterprise Security, vol. XV.
30. Symantec Enterprise Security 2011, 'Symantec Internet Security Threat Report: Trends for 2010', Symantec Enterprise Security, vol. 16.
31. Tamada, H, Okamoto, K, Nakamura, M, Monden, A & Matsumoto, K-i 2006, 'Dynamic software birthmarks based on API calls', IEICE Transactions on Information and Systems, vol. 89, no. 8, pp. 1751-63.
32. Tang, K, Zhou, M-T & Zuo, Z-H 2010, 'An Enhanced Automated Signature Generation Algorithm for Polymorphic Malware Detection', Journal of Electronic Science and Technology, vol. 8, no. 2, pp. 114-21.
33. Venkatraman, S 2009, 'Autonomic Context-Dependent Architecture for Malware Detection', in e-Tech 2009, International Conference on e-Technology, Singapore, pp. 2927-47.
34. Venkatraman, S. (2010). Self-Learning Framework for Intrusion Detection, Proceedings of The 2010 International Congress on Computer Applications and Computational Science (CACS 2010), 4-6 December, Singapore, ISBN 978-981-08-6846-8, pp. 517-520.
35. VX Heavens 2011, VX Heavens Site, retrieved 2/3 2011, .
36. Wang, C, Pang, J, Zhao, R, Fu, W & Liu, X 2009, 'Malware Detection Based on Suspicious Behavior Identification', in First International Workshop on Education Technology and Computer Science, Wuhan, Hubei, China, vol. 2, pp. 198-202.
37. Witten, H & Frank, E 2010, Data mining: Practical machine learning tools and techniques, 3.6.4 edn, San Francisco, CA, .
38. Yanfang, Y, Tao, L, Qingshan, J & Youyu, W 2010, 'CIMDS: Adapting Postprocessing Techniques of Associative Classification for Malware Detection', Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on, vol. 40, no. 3, pp. 298-307.
39. Ye, Y, Wang, D, Li, T & Ye, D 2007, 'IMDS: intelligent malware detection system', paper presented to Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining, San Jose, California, USA