A Study of Simple Classification of Malware Based on the Dynamic API Call Counts



Department of Computer Engineering, Yeungnam University, Gyeongsan, Gyeongbuk 38541, South Korea, {f13521,1102lsw}@naver.com, [email protected]
Department of Multimedia Engineering, Hanbat National University, Daejeon 34158, South Korea, [email protected]

Abstract. Recently, as the rapid development of the Internet has made it easy to download diverse files, the number of files downloaded from unreliable paths has been increasing. This situation is advantageous in that access to information is improved, but disadvantageous in that there is no defense against exposure to malware. The present paper proposes a method of judging whether programs are malicious based on Cuckoo Sandbox, a dynamic malware analysis system, and classifies the programs by comparing their dynamic API call counts with those of malware programs collected and classified in advance.

Keywords: Malware · Classification · Cuckoo Sandbox · API call count

1 Introduction

Currently, the kinds and numbers of malware are rapidly increasing. In times when personal information such as financial information is processed through the Internet, increases in malware indicate dangerous situations. In addition, as the number of cases of downloading diverse kinds of files through the Internet has grown, the number of downloads of unreliable files has also increased. Downloading through unreliable paths is highly likely to lead to receiving programs infected with malware such as viruses and Trojan horses, so that the downloading user's information is leaked unnoticed and the malware is propagated to other computers, causing secondary and tertiary damage through information leakage.

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIP) (No. NRF-2016R1A2B1012652), the MSIP (Ministry of Science, ICT and Future Planning, Korea) under the ITRC (Information Technology Research Center) support program (IITP-2016-R2718-16-0035) supervised by the IITP (National IT Industry Promotion Agency), the Basic Science Research Program through the NRF funded by the Ministry of Education (NRF-2015R1C1A1A02037561) and the 2016 Yeungnam University Research Grant.

© Springer Nature Singapore Pte Ltd. 2017. J.J. (Jong Hyuk) Park et al. (eds.), Advances in Computer Science and Ubiquitous Computing, Lecture Notes in Electrical Engineering 421, DOI 10.1007/978-981-10-3023-9_147


To respond to the foregoing problems, many studies are in progress to find ways to distinguish diverse kinds of malware. The present paper proposes a method of analyzing programs and classifying them into different kinds of malware based on the dynamic API call counts of the programs' code. The present paper is composed as follows. In Sect. 2, malware analysis methods using APIs and related studies on dynamic analysis are introduced, and in Sect. 3, background knowledge of APIs and Cuckoo Sandbox, which is the basis of the present study, is explained. In Sect. 4.2, API extraction using m
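The classification idea described in the abstract and this introduction, as an added example that is not the paper's own code: count the hooked API calls recorded in a Cuckoo-style JSON report (the `behavior.processes[].calls[].api` layout of Cuckoo 2.x is assumed), then compare the resulting count vector with the count vectors of pre-classified reference samples. The reports, the family labels, the cosine-similarity measure and the 0.5 threshold are all constructed assumptions for illustration; the paper does not state its own distance measure here.

```python
import math
from collections import Counter

# Constructed, minimal Cuckoo-2.x-style reports (NOT real sandbox output).
# Cuckoo records every hooked API call under behavior.processes[*].calls[*].api.
REFERENCE_REPORTS = {  # sample id -> (family label, report) collected and classified in advance
    "ref_dropper": ("dropper", {"behavior": {"processes": [{"calls": [
        {"api": "CreateFileW"}, {"api": "WriteFile"}, {"api": "WriteFile"},
        {"api": "CreateProcessInternalW"}, {"api": "NtClose"}]}]}}),
    "ref_spyware": ("spyware", {"behavior": {"processes": [{"calls":
        [{"api": "GetAsyncKeyState"}] * 6 + [{"api": "InternetOpenA"},
        {"api": "HttpSendRequestA"}, {"api": "NtClose"}]}]}}),
}

# Constructed report for an unknown sample to be classified.
UNKNOWN_REPORT = {"behavior": {"processes": [
    {"calls": [{"api": "CreateFileW"}, {"api": "WriteFile"}, {"api": "WriteFile"}]},
    {"calls": [{"api": "WriteFile"}, {"api": "CreateProcessInternalW"},
               {"api": "NtClose"}, {"api": "NtClose"}]},
]}}

def api_call_counts(report: dict) -> Counter:
    """Count dynamic API calls across every process recorded in one report."""
    counts = Counter()
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            if "api" in call:
                counts[call["api"]] += 1
    return counts

def cosine_similarity(a: Counter, b: Counter) -> float:
    """Cosine similarity of two sparse count vectors (assumed measure)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def classify(report: dict, references: dict = REFERENCE_REPORTS, threshold: float = 0.5):
    """Return (family, score) of the closest reference sample; 'unknown' if none is close enough."""
    sample = api_call_counts(report)
    best_family, best_score = "unknown", 0.0
    for family, ref_report in references.values():
        score = cosine_similarity(sample, api_call_counts(ref_report))
        if score > best_score:
            best_family, best_score = family, score
    return (best_family if best_score >= threshold else "unknown", best_score)

if __name__ == "__main__":
    print(classify(UNKNOWN_REPORT))  # closest reference is the dropper sample
```

Count vectors built this way ignore call order and arguments, so two samples with the same calls in a different order look identical; that is the trade-off the "simple classification" in the title accepts.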