Abstract
Although malicious software goes by many names (virus, worm, Trojan, spam, botnet), its ultimate goal is to damage the end computer or the end user. Advances in computer technology allow a malware writer to integrate obfuscation techniques that evade detection, in particular API hooking on Windows. Unfortunately, a signature-based detection approach such as anti-virus software on the end computer is not effective against system call reordering. To overcome this shortcoming, many behavior-based approaches have been proposed; however, they have limitations in the number of false positives, in detecting zero-day attacks, and in improving the detection accuracy rate from past experience. In this article, an application programming interface (API)-based call graph model is put forward that captures API system calls during malicious rootkit execution on the Windows platform. Because a graph model can effectively replicate complex relations between entities, we use it to visualize the behavior of a malicious rootkit by monitoring system API calls. This helps the defender to separate malicious system calls from benign ones. Our simulated experimental analysis shows that our method achieves a higher detection rate and accuracy with fewer false positives than existing techniques.
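The abstract contrasts a fixed call-sequence signature, which breaks when the attacker reorders or interleaves calls, with a graph over the monitored API calls. The following is an added illustration of that contrast and is not the paper's code or model: the trace lines are constructed (the `pid api(args) -> ret` format is an assumption, not any real sandbox output), the edge rule (an edge from a call to any later call in the same process that consumes the handle or pointer it returned) is one possible way to build such a graph, and the injection pattern used as the "malicious" subgraph is a well-known remote-thread injection chain chosen for illustration. Unrelated calls inserted between the chain's steps defeat the consecutive-sequence signature but leave the dependency subgraph intact.

```python
"""API-call graph versus sequence signature on a constructed trace.

Added example; not the paper's implementation. Trace format, edge rule and the
injection pattern are assumptions made for illustration.
"""
import re
from collections import defaultdict
from itertools import product

# Constructed trace (not real monitor output). One call per line:
#   <pid> <api>(<arg>,...) -> <ret>
# pid 100 interleaves GetTickCount/Sleep into an injection chain;
# pid 200 is a benign file write.
TRACE = """\
100 OpenProcess(0x1F0FFF,0,4242) -> 0x1c8
100 GetTickCount() -> 0x5a3f
100 VirtualAllocEx(0x1c8,0,0x1000,0x3000,0x40) -> 0x7ff10000
100 Sleep(10) -> 0
100 WriteProcessMemory(0x1c8,0x7ff10000,0x9a000,0x200,0) -> 1
100 CreateRemoteThread(0x1c8,0,0,0x7ff10000,0,0,0) -> 0x1d4
200 CreateFileW(0xabc,0x40000000,0,0,2,0x80,0) -> 0x2a0
200 WriteFile(0x2a0,0x9b000,64,0x9b100,0) -> 1
200 CloseHandle(0x2a0) -> 1
"""

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*?)\)\s*->\s*(\S+)$")

# Assumed malicious subgraph: each pair (a, b) means "b consumes something a returned".
INJECTION_PATTERN = [
    ("OpenProcess", "VirtualAllocEx"),
    ("OpenProcess", "WriteProcessMemory"),
    ("VirtualAllocEx", "WriteProcessMemory"),
    ("OpenProcess", "CreateRemoteThread"),
    ("VirtualAllocEx", "CreateRemoteThread"),
]


def parse_trace(text):
    """Parse the constructed trace into a list of call records in trace order."""
    calls = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole trace
        pid, api, args, ret = m.groups()
        arg_list = [a.strip() for a in args.split(",") if a.strip()]
        calls.append({"pid": int(pid), "api": api, "args": arg_list, "ret": ret})
    return calls


def is_handle_like(value):
    """Treat any numeric return value above 1 as a handle/pointer worth tracking;
    0 and 1 are too common as status codes to carry a data dependency."""
    try:
        return int(value, 0) > 1
    except ValueError:
        return False


def build_dependency_graph(calls):
    """Edges (i, j): call j in the same process uses a value call i returned.
    Edges follow data flow, so calls interleaved between i and j do not matter."""
    producer = defaultdict(dict)  # pid -> returned value -> index of latest producer
    edges = set()
    for j, call in enumerate(calls):
        known = producer[call["pid"]]
        for arg in call["args"]:
            if arg in known:
                edges.add((known[arg], j))
        if is_handle_like(call["ret"]):
            known[call["ret"]] = j
    return edges


def graph_match(calls, edges, pattern):
    """Return sorted trace indices realising `pattern` as a subgraph, else None.
    Each pattern label is mapped to a distinct call with that API name and every
    pattern edge must exist as a dependency edge."""
    labels = sorted({name for edge in pattern for name in edge})
    candidates = [[i for i, c in enumerate(calls) if c["api"] == lab] for lab in labels]
    for assignment in product(*candidates):
        if len(set(assignment)) != len(assignment):
            continue
        node = dict(zip(labels, assignment))
        if all((node[a], node[b]) in edges for a, b in pattern):
            return sorted(assignment)
    return None


def sequence_match(calls, signature):
    """Classic signature: the APIs must appear consecutively within one process."""
    per_pid = defaultdict(list)
    for c in calls:
        per_pid[c["pid"]].append(c["api"])
    n = len(signature)
    return any(seq[i:i + n] == signature
               for seq in per_pid.values() for i in range(len(seq) - n + 1))


if __name__ == "__main__":
    calls = parse_trace(TRACE)
    edges = build_dependency_graph(calls)
    chain = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
    print("dependency edges:", sorted(edges))
    print("sequence signature hit:", sequence_match(calls, chain))
    print("graph pattern hit at call indices:", graph_match(calls, edges, INJECTION_PATTERN))
```

Run stand-alone, the sequence signature misses the chain in pid 100 because `GetTickCount` and `Sleep` break the consecutive run, while the graph match still reports the four injection calls; the benign pid 200 never satisfies the pattern because none of its calls has the required labels. A real deployment would need a far richer edge rule (argument types, kernel handles, cross-process relations) than this value-equality heuristic.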
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Pandiaraja, P., Muthumanickam, K., Palani Kumar, R. (2023). A Graph-Based Model for Discovering Host-Based Hook Attacks. In: Ogudo, K.A., Saha, S.K., Bhattacharyya, D. (eds) Smart Technologies in Data Science and Communication. Lecture Notes in Networks and Systems, vol 558. Springer, Singapore. https://doi.org/10.1007/978-981-19-6880-8_1
DOI: https://doi.org/10.1007/978-981-19-6880-8_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-6879-2
Online ISBN: 978-981-19-6880-8