Malware detection based on mining API calls

Financial loss due to malware nearly doubles every two years. For instance, in 2006 malware caused nearly 33.5 million GBP in direct financial losses to member organizations of banks in the UK alone. Recent malware cannot be detected by traditional signature-based anti-malware tools due to its polymorphic and/or metamorphic nature. Malware detection based on its immutable characteristics has been a recent industrial practice. The datasets are not public; thus the results are not reproducible and conducting research in an academic setting is difficult. In this work, we have not only significantly improved a recent method of malware detection based on mining Application Programming Interface (API) calls, but have also created the first public dataset to promote malware research. Our technique first reads the API call sets used in a collection of Portable Executable (PE) files, then generates a set of discriminative and domain-interpretable features. These features are then used to train a classifier to detect unseen malware. We have achieved a detection rate of 99.7% while keeping accuracy as high as 98.3%. Our method improved the state of the art in several aspects: accuracy by 5.24%, detection rate by 2.51%, and the false alarm rate was decreased from 19.86% to 1.51%. This project's data and source code can be found at http://home.shirazu.ac.ir/~sami/malware.

Bibliographic Details
Published in: Proceedings of the 2010 ACM Symposium on Applied Computing
Main Authors: Sami, Ashkan; Yadegari, Babak; Rahimi, Hossein; Peiravian, Naser; Hashemi, Sattar; Hamze, Ali
Format: Conference Object
Language: unknown
Published: Association for Computing Machinery, 22 March 2010
Online Access: https://doi.org/10.1145/1774088.1774303
http://researchrepository.napier.ac.uk/Output/2925498
Pages: 1020-1025