Abstract
Conventional malware detection technologies are limited in their ability to detect malware, because recent malware uses a variety of evasion techniques such as obfuscation, packing, anti-virtualization, anti-emulation and encapsulation in order to avoid detection. To overcome this limitation, a new detection technology is needed that can quickly analyze massive volumes of malware and its variants and respond rapidly to cyber intrusions. In this paper we therefore propose a malware detection and classification method, and an implementation of our system, based on dynamic analysis using the behavioral sequence of malware (its API call sequence) and a multiple sequence alignment (MSA) algorithm. We also evaluate the effectiveness of the proposed method through experiments.
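As an added illustration of the approach the abstract describes (this is not the paper's code, and the API sequences, the family signatures and the match/mismatch/gap scores are all constructed assumptions), the following example aligns a sample's dynamically recorded API call sequence against per-family signature sequences with a Needleman-Wunsch global alignment and labels the sample by the best-scoring family. Pairwise alignment is the building block of the multiple sequence alignment the paper uses; the point it demonstrates is that gap columns let a variant with an inserted junk call (here a `Sleep`) still align with its family, whereas a fixed-offset comparison would shift every later call out of place.

```python
# Added example (not the paper's code): pairwise global alignment of Windows
# API call sequences, the building block of MSA-based malware classification.
# Every sequence and score below is constructed for illustration.
from typing import Dict, List, Tuple

MATCH, MISMATCH, GAP = 2, -1, -1  # assumed scoring scheme


def align(a: List[str], b: List[str]) -> Tuple[int, List[Tuple[str, str]]]:
    """Needleman-Wunsch global alignment over API-name tokens.

    Returns the alignment score and the aligned column pairs, with '-'
    marking a gap.  Gaps let an inserted junk call be skipped instead of
    shifting every later comparison out of register.
    """
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * GAP
    for j in range(1, m + 1):
        score[0][j] = j * GAP
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            sub = MATCH if a[i - 1] == b[j - 1] else MISMATCH
            score[i][j] = max(score[i - 1][j - 1] + sub,
                              score[i - 1][j] + GAP,
                              score[i][j - 1] + GAP)
    # Trace back from the bottom-right corner to recover one optimal path.
    i, j, pairs = n, m, []
    while i > 0 or j > 0:
        if i > 0 and j > 0:
            sub = MATCH if a[i - 1] == b[j - 1] else MISMATCH
            if score[i][j] == score[i - 1][j - 1] + sub:
                pairs.append((a[i - 1], b[j - 1]))
                i, j = i - 1, j - 1
                continue
        if i > 0 and score[i][j] == score[i - 1][j] + GAP:
            pairs.append((a[i - 1], "-"))
            i -= 1
        else:
            pairs.append(("-", b[j - 1]))
            j -= 1
    pairs.reverse()
    return score[n][m], pairs


def similarity(a: List[str], b: List[str]) -> float:
    """Fraction of the longer sequence's calls that align as exact matches."""
    if not a or not b:
        return 0.0
    _, pairs = align(a, b)
    matches = sum(1 for x, y in pairs if x == y)
    return matches / max(len(a), len(b))


def classify(sample: List[str], signatures: Dict[str, List[List[str]]],
             threshold: float = 0.6) -> Tuple[str, float]:
    """Label the sample with the family whose signature aligns best.

    Returns ('unknown', best_score) when no family reaches the threshold.
    """
    best_family, best_score = "unknown", 0.0
    for family, seqs in signatures.items():
        family_score = max(similarity(sample, s) for s in seqs)
        if family_score > best_score:
            best_family, best_score = family, family_score
    if best_score < threshold:
        return "unknown", best_score
    return best_family, best_score


# Constructed family signatures (hypothetical, not from any real corpus).
SIGNATURES: Dict[str, List[List[str]]] = {
    "dropper": [["GetTempPathA", "CreateFileA", "WriteFile",
                 "CloseHandle", "CreateProcessA"]],
    "keylogger": [["SetWindowsHookExA", "GetAsyncKeyState", "CreateFileA",
                   "WriteFile", "InternetOpenA", "HttpSendRequestA"]],
}
# Constructed sample: a dropper variant with a junk Sleep call inserted.
SAMPLE = ["GetTempPathA", "CreateFileA", "Sleep", "WriteFile",
          "CloseHandle", "CreateProcessA"]
# Constructed benign-looking sequence sharing no calls with either family.
UNRELATED = ["RegOpenKeyExA", "RegQueryValueExA", "RegCloseKey"]

if __name__ == "__main__":
    print(align(SAMPLE, SIGNATURES["dropper"][0]))
    print(classify(SAMPLE, SIGNATURES))    # ('dropper', 0.8333...)
    print(classify(UNRELATED, SIGNATURES))  # ('unknown', 0.0)
```

The similarity is the number of matched alignment columns divided by the length of the longer sequence, so padding a sample with many extra calls lowers its score; a practitioner tuning the threshold should check it against both noisy variants and unrelated benign traces, as the experiment in the paper does for its own method.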
Acknowledgements
This work was supported by Institute for Information and communications Technology Promotion (IITP) Grant funded by the Korea Government (MSIP) (No. 2016-0-00078, Cloud-based Security Intelligence Technology Development for the Customized Security Service Provisioning).
Cite this article
Kim, H., Kim, J., Kim, Y. et al. Improvement of malware detection and classification using API call sequence alignment and visualization. Cluster Comput 22 (Suppl 1), 921–929 (2019). https://doi.org/10.1007/s10586-017-1110-2
DOI: https://doi.org/10.1007/s10586-017-1110-2