Abstract
This paper proposes a scalable approach for distinguishing malicious files from clean files by investigating the behavioural features using logs of various API calls. We also propose, as an alternative to the traditional method of manually identifying malware files, an automated classification system using runtime features of malware files. For both projects, we use an automated tool running in a virtual environment to extract API call features from executables and apply pattern recognition algorithms and statistical methods to differentiate between files. Our experimental results, based on a dataset of 1368 malware and 456 cleanware files, provide an accuracy of over 97% in distinguishing malware from cleanware. Our techniques provide a similar accuracy for classifying malware into families. In both cases, our results outperform comparable previously published techniques.
Original language | English |
---|---|
Title of host publication | Malware 2010 |
Subtitle of host publication | 5th proceedings |
Place of Publication | Piscataway, NJ |
Publisher | Institute of Electrical and Electronics Engineers |
Pages | 23-30 |
Number of pages | 8 |
ISBN (Electronic) | 9781424493562 |
DOIs | |
Publication status | Published - 2010 |
Event | IEEE International Conference on Malicious and Unwanted Software - Nancy, Lorraine, France, France Duration: 19 Oct 2010 → 20 Oct 2010 |
Conference
Conference | IEEE International Conference on Malicious and Unwanted Software |
---|---|
Country/Territory | France |
Period | 19/10/10 → 20/10/10 |