Skip to main content
SpringerLink
Log in

Study on Malicious Code Behavior Detection Using Windows Filter Driver and API Call Sequence

  • Conference paper
  • First Online:
Advances in Computer Science and Ubiquitous Computing (CUTE 2017, CSA 2017)

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 474))

Abstract

As the internet environment has been developed recently, threats and damage to malicious codes are increasing day by day. Most of the damage is caused by new and variant malicious codes because of the vulnerability of Endpoint. Most of the Anti-Virus used in endpoints run on a signature basis, and as intelligence on malicious code is developed, the detection rate of existing Anti-Virus is declining. Therefore, there is a need for a technology capable of handling new and variant malicious codes in real time on the endpoint. In this paper, we present a method for analyzing behaviors of malicious code using behavioral analysis of the Windows kernel function call sequence.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 259.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 329.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 329.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. AhnLab: AhnLab Security Emergency Center Report, vol. 84, December 2016

    Google Scholar 

  2. McAfee: McAfee Labs Threat Report: Together is Power, June 2017

    Google Scholar 

  3. Symantec: Internet Security Threat Report, vol. 21, April 2016

    Google Scholar 

  4. Han, S.-W., Lee, S.-J.: Packed PE file detection for malware forensics. KIPS Trans. PartC 16(5), 555–562 (2009)

    Article  Google Scholar 

  5. Kang, T., Cho, J., Chung, M., Moon, J.: Malware detection via hybrid analysis for API call. J. Korea Inst. Inf. Secur. Cryptol. 17(6), 89–98 (2007)

    Google Scholar 

  6. Han, K.-S., Kim, I.-K., Im, E.-G.: Malware family classification method using API sequential characteristic. J. Secur. Eng. 8(2), 4 (2011)

    Google Scholar 

  7. Hong, M.: A study on security technology of intelligent act detection based on CPU. A master’s thesis, Hongik University Graduate School (2016)

    Google Scholar 

  8. Probert, D.: Architecture of the Windows Kernel, v1.0a. Microsoft Corporation, MS/HP (2008)

    Google Scholar 

Download references

Acknowledgments

This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2018-2016-0-00304) supervised by the IITP (Institute for Information & communications Technology Promotion).

Author information

Authors and Affiliations

  1. Department of Computer Science Engineering, Chungnam National University, Daejeon, South Korea

    Kangsik Shin & Yoojae Won

Authors
  1. Kangsik Shin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yoojae Won
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yoojae Won .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Seoul University of Science and Technology, Seoul, Korea (Republic of)

    James J. Park

  2. Department of Business Science, University of Salerno, Salerno, Italy

    Vincenzo Loia

  3. Department of Multimedia Engineering, Dongguk University, Seoul, Soul-t’ukpyolsi, Korea (Republic of)

    Gangman Yi

  4. Department of Multimedia Engineering, Dongguk University, Seoul, Soul-t’ukpyolsi, Korea (Republic of)

    Yunsick Sung

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Shin, K., Won, Y. (2018). Study on Malicious Code Behavior Detection Using Windows Filter Driver and API Call Sequence. In: Park, J., Loia, V., Yi, G., Sung, Y. (eds) Advances in Computer Science and Ubiquitous Computing. CUTE CSA 2017 2017. Lecture Notes in Electrical Engineering, vol 474. Springer, Singapore. https://doi.org/10.1007/978-981-10-7605-3_149

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-7605-3_149

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-7604-6

  • Online ISBN: 978-981-10-7605-3

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation