Malware Detection Using API Function Frequency with Ensemble Based Classifier

Authors: Pratiksha Natani, Deepti Vidyarthi

DOI: 10.1007/978-3-642-40576-1_37

Keywords: Classifier (UML), Application programming interface, Artificial intelligence, Computer science, Directory, Boosting (machine learning), Upload, Unavailability, Malware, Feature vector, Data mining, Machine learning

Abstract: Malicious code, known as malware, when executed can steal information, damage the system or cause unavailability of resources. Effective detection of malware is therefore a top-priority task for safeguarding information systems. Malware exhibits malicious behaviors such as connecting to a remote host, downloading a file, creating a file in a directory, etc. These behaviors can be mapped to the functions that files import from the system's dynamic link libraries, i.e. Application Programming Interface (API) functions. Hence, we propose a technique to detect malware using an API function frequency feature vector for classifying a file. We use an ensemble-based classifier for classification, as it is a proven stable and robust classification technique. Experiments conducted over 200 files show that they are classified effectively. The bagging ensemble provides better results compared to boosting. A comparison with other techniques is also listed.
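As an added illustration (not the paper's code), a minimal stdlib-only version of the pipeline the abstract describes: each file's imported API names are turned into an API function frequency feature vector, and a bagging ensemble classifies the file by majority vote. The sample corpus and its API names are constructed toy data, and the decision-stump base learner is an assumption, since the abstract does not state which base classifier the ensemble uses.

```python
import random
from collections import Counter

# Constructed toy corpus (not the paper's dataset): each entry is (label, API
# function names the file imports), standing in for a PE file's import table.
SAMPLES = [
    ("malware", ["InternetOpenA", "URLDownloadToFileA", "CreateFileA", "WriteFile", "CreateProcessA", "RegSetValueExA"]),
    ("malware", ["InternetOpenA", "URLDownloadToFileA", "CreateFileA", "WriteFile", "WriteFile", "CreateProcessA"]),
    ("malware", ["socket", "connect", "send", "CreateFileA", "WriteFile", "CreateProcessA", "RegSetValueExA"]),
    ("malware", ["URLDownloadToFileA", "CreateDirectoryA", "CreateFileA", "WriteFile", "CreateProcessA", "WinExec"]),
    ("benign", ["GetModuleHandleA", "GetProcAddress", "MessageBoxA", "CreateFileA", "ReadFile", "CloseHandle"]),
    ("benign", ["GetModuleHandleA", "GetProcAddress", "LoadLibraryA", "ReadFile", "CloseHandle", "ExitProcess"]),
    ("benign", ["CreateWindowExA", "ShowWindow", "GetMessageA", "DispatchMessageA", "MessageBoxA"]),
    ("benign", ["GetModuleHandleA", "ReadFile", "CloseHandle", "GetLastError", "ExitProcess"]),
]
VOCAB = sorted({api for _, apis in SAMPLES for api in apis})

def frequency_vector(apis):
    """API function frequency feature vector: how often each API name is imported."""
    counts = Counter(apis)
    return [counts[api] for api in VOCAB]

def train_stump(data):
    """Weak learner (assumed base classifier): the single 'is API j imported?' rule
    that best splits `data`. Returns (feature index, label if present, label if absent)."""
    best = None
    for j in range(len(VOCAB)):
        present = [lbl for lbl, vec in data if vec[j] > 0]
        absent = [lbl for lbl, vec in data if vec[j] == 0]
        if present and absent:
            p_lbl = Counter(present).most_common(1)[0][0]
            a_lbl = Counter(absent).most_common(1)[0][0]
            acc = present.count(p_lbl) + absent.count(a_lbl)
            if best is None or acc > best[0]:
                best = (acc, j, p_lbl, a_lbl)
    # If no feature splits the bootstrap sample, fall back to its majority label.
    return best[1:] if best else (0,) + (Counter(l for l, _ in data).most_common(1)[0][0],) * 2

def bagging(samples=SAMPLES, n_models=25, seed=7):
    """Bagging: every stump is trained on its own bootstrap resample (drawn with
    replacement); boosting would instead reweight the samples after each round."""
    rng = random.Random(seed)
    data = [(lbl, frequency_vector(apis)) for lbl, apis in samples]
    return [train_stump([rng.choice(data) for _ in data]) for _ in range(n_models)]

def predict(models, apis):
    """Classify a file by majority vote of the bagged stumps over its frequency vector."""
    vec = frequency_vector(apis)
    votes = Counter(p if vec[j] > 0 else a for j, p, a in models)
    return votes.most_common(1)[0][0]
```

An odd number of models keeps the two-class vote from tying; with real samples the import lists would come from the PE import table instead of the constructed corpus.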
