Advertisement

Studying the Influence of Static API Calls for Hiding Malware

  • Alejandro Martín
  • Héctor D. Menéndez
  • David Camacho
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9868)

Abstract

Malware detection has become a challenging task over the last few years. Different concealment strategies such as packing compression, polymorphic encryption and metamorphic obfuscation have produced that malware Analysts need to find more original techniques to discriminate whether a file is malware or not. One of the current benchmark techniques is static analysis of API Calls. This technique aims to detect malware using the API Calls information extracted from the malware files. In this work, we aim to show a complete study of this technique using a behavioural model, built through an evolutionary process, in order to define possible limitations. For this analysis we will use a benchmark dataset to study the discrimination between malware and benignware and evaluate how malware writers are trying to imitate benign behaviour in order to defeat this technique.

Keywords

Malware Genetic algorithms Evolutionary computation Behavioural models Clustering 

Notes

Acknowledgements

This work has been supported by the next research projects: EphemeCH (TIN2014-56494-C4-4-P) Spanish Ministry of Economy and Competitivity, CIBERDINE S2013/ICE-3095, both under the European Regional Development Fund FEDER, and SeMaMatch EP/K032623/1.

References

  1. 1.
    Apel, M., Bockermann, C., Meier, M.: Measuring similarity of malware behavior. In: Proceedings - Conference on Local Computer Networks, LCN, pp. 891–898 (2009)Google Scholar
  2. 2.
    Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. Sophia 272(3), 51–88 (2009)Google Scholar
  3. 3.
    Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: IEEE Symposium on Security and Privacy (S&P 2005), pp. 32–46. IEEE (2005)Google Scholar
  4. 4.
    Gheorghescu, M.: An automated virus classification system. In: Virus Bulletin Conference (2005)Google Scholar
  5. 5.
    Idika, N., Mathur, A.P.: A survey of malware detection techniques. Purdue University (2007)Google Scholar
  6. 6.
    Jacob, G., Debar, H., Filiol, E.: Behavioral detection of malware: from a survey towards an established taxonomy. J. Comput. Virol. 4(3), 251–266 (2008)CrossRefGoogle Scholar
  7. 7.
    Li, J., Xu, J., Xu, M., Zhao, H., Zheng, N.: Malware obfuscation measuring via evolutionary similarity. In: 1st International Conference on Future Information Networks, ICFIN, pp. 197–200 (2009)Google Scholar
  8. 8.
    Jolliffe, I.: Principal Component Analysis. Wiley Online Library, New York (2002)MATHGoogle Scholar
  9. 9.
    Martín, A., Menéndez, H.D., Camacho, D.: Genetic boosting classification for malware detection. In: IEEE Congress on Evolutionary Computation (CEC). IEEE (2016)Google Scholar
  10. 10.
    Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp. 421–430. IEEE, December 2007Google Scholar
  11. 11.
    Ramadass, S.: Malware detection based on evolving clustering method for classification. Sci. Res. Essays 7, 2031–2036 (2012)Google Scholar
  12. 12.
    Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639–668 (2011)CrossRefGoogle Scholar
  13. 13.
    Sami, A., Yadegari, B., Peiravian, N., Hashemi, S., Hamze, A.: Malware detection based on mining API calls. In: Proceedings of the 2010 ACM Symposium on Applied Computing, SAC 2010, p. 1020. ACM Press, New York, March 2010Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Alejandro Martín
    • 1
  • Héctor D. Menéndez
    • 2
  • David Camacho
    • 1
  1. 1.Universidad Autónoma de MadridMadridSpain
  2. 2.University College LondonLondonUK

Personalised recommendations