NtMalDetect: A Machine Learning Approach to Malware Detection Using Native API System Calls

02/15/2018
by Chan Woo Kim, et al.

As computing systems become increasingly advanced and users increasingly engage with technology, security has never been a greater concern. In malware detection, static analysis has been the prominent approach. It quickly falls short, however, as malicious programs become more advanced and gain the ability to obfuscate their binaries while still executing the same malicious functions, making static analysis virtually inapplicable to newer variants. The approach assessed in this paper uses dynamic analysis of malware, which may generalize better than static analysis to such variants. Widely used document classification techniques were assessed for detecting malware by applying them to system call traces, a form of dynamic analysis. The features considered are extracted from system call traces of benign and malicious programs, and classifying these traces is treated as a binary document classification task over sparse features. The system call traces were processed to remove the parameters, leaving only the system call function names. The features were grouped into various n-grams and weighted with Term Frequency-Inverse Document Frequency. Support Vector Machines were used and optimized with a Stochastic Gradient Descent algorithm that implemented L1, L2, and Elastic-Net regularization terms, the best of which achieved a highest of 98 identification of significant system call sequences that could be avenues for further research.
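The pipeline the abstract describes (strip parameters, keep call names, build n-grams, weight with TF-IDF, train a linear SVM by SGD), as an added pure-Python example that is not code from the paper. The traces are constructed, the SGD step uses only the L2 penalty (the paper also compares L1 and Elastic-Net), and the IDF smoothing is the common log((1+N)/(1+df))+1 form, an assumption rather than the paper's exact weighting.

```python
import math, re
from collections import Counter
# Constructed sample traces (not the paper's dataset); one Native API call with parameters per line.
BENIGN_TRACES = [
    "NtOpenFile(0x2c, FILE_READ_DATA)\nNtReadFile(0x2c, 4096)\nNtClose(0x2c)",
    "NtCreateFile(0x30, GENERIC_READ)\nNtQueryInformationFile(0x30)\nNtReadFile(0x30, 512)\nNtClose(0x30)",
]
MALICIOUS_TRACES = [
    "NtOpenProcess(0x44, PROCESS_ALL_ACCESS)\nNtAllocateVirtualMemory(0x44, 0x1000)\nNtWriteVirtualMemory(0x44, 0x1000)\nNtCreateThreadEx(0x44)",
    "NtOpenProcess(0x50, PROCESS_VM_WRITE)\nNtWriteVirtualMemory(0x50, 0x200)\nNtProtectVirtualMemory(0x50, PAGE_EXECUTE_READ)\nNtCreateThreadEx(0x50)",
]
CALL_NAME = re.compile(r"^\s*(Nt\w+)")  # call name is the leading identifier of each line

def strip_parameters(trace):
    """Drop every parameter and keep only the call name, as the paper does."""
    return [m.group(1) for m in map(CALL_NAME.match, trace.splitlines()) if m]

def ngrams(names, n_max):
    """All n-grams for n = 1..n_max; '|' joins names so each n-gram is one vocabulary term."""
    return ["|".join(names[i:i + n]) for n in range(1, n_max + 1) for i in range(len(names) - n + 1)]

def fit_idf(docs):
    df = Counter(t for d in docs for t in set(d))  # document frequency of each term
    return {t: math.log((1 + len(docs)) / (1 + df[t])) + 1 for t in df}  # smoothed IDF (assumed form)

def vectorize(doc, idf):
    """Sparse TF-IDF vector as a dict; terms unseen at training time are dropped."""
    counts, total = Counter(doc), len(doc)
    return {t: counts[t] / total * idf[t] for t in counts if t in idf}

def train_sgd_svm(vecs, labels, epochs=60, lr=0.1, l2=0.01):
    """Linear SVM via SGD on hinge loss with an L2 penalty; labels are +1 malicious, -1 benign."""
    w, b = {}, 0.0
    for _ in range(epochs):
        for x, y in zip(vecs, labels):
            for t in w:                                  # L2 shrinkage step
                w[t] -= lr * l2 * w[t]
            if y * (sum(w.get(t, 0.0) * v for t, v in x.items()) + b) < 1:
                for t, v in x.items():                   # hinge-loss subgradient step
                    w[t] = w.get(t, 0.0) + lr * y * v
                b += lr * y
    return w, b

def train_model(n_max=2):
    """Full pipeline on the constructed traces: names -> n-grams -> TF-IDF -> SVM."""
    docs = [ngrams(strip_parameters(t), n_max) for t in BENIGN_TRACES + MALICIOUS_TRACES]
    labels = [-1] * len(BENIGN_TRACES) + [1] * len(MALICIOUS_TRACES)
    idf = fit_idf(docs)
    w, b = train_sgd_svm([vectorize(d, idf) for d in docs], labels)
    return idf, w, b, n_max

def classify(model, trace):
    """Score an unseen trace with the trained weights; a non-negative score means malicious."""
    idf, w, b, n_max = model
    x = vectorize(ngrams(strip_parameters(trace), n_max), idf)
    return "malicious" if sum(w.get(t, 0.0) * v for t, v in x.items()) + b >= 0 else "benign"
```

Because parameters are discarded, a trace that differs only in handles or flags maps to the same feature vector as its training counterpart, which is the generalization the abstract relies on.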
