Malicious Behavior Detection based on Extracted Features from APIs for Windows Platforms

Malicious Behavior Detection based on Extracted Features from APIs for Windows Platforms
Title:
Malicious Behavior Detection based on Extracted Features from APIs for Windows Platforms
Other Titles:
DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop
DOI:
Publication Date:
09 December 2019
Citation:
Abstract:
Many malicious behavior detection approaches rely on dynamic features that are extracted from Application Programming Interfaces (APIs), which represent the run-time behavior of programs. Most API-based malicious behavior detection techniques highly focus on measuring the statistical features of API calls such as finding the frequency (e.g., how many times a specific API is called) or recognizing the sequence pattern of API calls. However, such detectors can be easily evaded and bypassed by malware authors who would interrupt the sequence by basically hooking and shuffling the API calls or deleting/inserting the irrelevant calls. Also, most proposed API-based malicious behavior detectors would either consider only the API calls (e.g., function names) without taking into account their arguments information (e.g., function parameters) or incur a prohibitive cost, such as requiring complex operations to deal with the arguments (e.g., proficient knowledge about the types of the arguments and/or powerful computers to extract them). As relying on API calls alone is insufficient to understand the purpose of the program, we propose a low-cost malicious behavior detection approach that can extract APIs dynamic features by studying the API calls together with their arguments using machine learning. Experimental results show that our approach achieves an accuracy of over 98.24% with two different datasets, and outperforms the state-of-the-art malicious behavior detection techniques.
License type:
PublisherCopyrights
Funding Info:
Description:
ISBN:

Files uploaded:
File Size Format Action
There are no attached files.