A study on extraction of optimized API sequence length and combination for efficient malware classification
Choi, Ji-Yeon (Korea Institute of Science and Technology Information)
Kim, HeeSeok (Korea Institute of Science and Technology Information)
Kim, Kyu-Il (Korea Institute of Science and Technology Information)
Park, Hark-Soo (Korea Institute of Science and Technology Information)
Song, Jung-Suk (Korea Institute of Science and Technology Information)
1 | Changwook Park, Hyunji Chung, Kwangseok Seo and Sangjin Lee "Research on the Classification Model of Similarity Malware using Fuzzy Hash," Journal of The Korea Institute of Information Security & Cryptology, 22(6), pp. 1325-1336, Dec. 2012 |
2 | OllyDbg, available at http://www.dllydbg.de/ [Accessed: 1st September 2014] |
3 | Immunity Debugger, available at http://www.immunityinc.com/ [Accessed: 1st September 2014] |
4 | IDA Pro, available at https://www.hex-rays.com [Accessed: 1st September 2014] |
5 | R.Tian, L.M.Batten, and S.C.Versteeg, "Function length as a tool for malware classification," Proceedings of the 3rd International Conference on Malware 2008, pp. 69-76, Oct. 2008. |
6 | Ronghua Tian, Lynn Batten, Rafiqul Islam, and Steve Versteeg, "An automated classification system based on the strings of trojan and virus families," 4th International Conference on Malicious and Unwanted Software 2009, pp. 23-30, Oct. 2009. |
7 | Qi-Guang Miao, Yun-Wang, and Ying-Cao, "APICapture - a tool for monitoring the behavior of malware," 2010 3rd International Conference on Advanced Computer Theory and Engineering, pp. 390-394, Aug. 2010. |
8 | M.Bailey, J.Oberheide, J.Andersen, Z.Morley Mao, F.Jahanian, and J.Nazario, "Automated classification and analysis of Internet malware," Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection, LNCS 4637, pp. 178-197, 2007. |
9 | U.Bayer, P.M.Comparetti, C.Hlauschek, and C.Kruegel, (2009) "Scalable, behavior-based malware clustering," Proceedings of the 16th Annual Network and Distributed System Security Symposium 2009, Feb. 2009. |
10 | Portable Executable, Wikipedia, available at http://ko.wikipedia.org/wiki/PE_%ED%8F%AC%EB%A7%B7 [Accessed: 1st September 2014] |
11 | Kyoung-Soo Han, In-Kyoung Kim, and Eul-Gyu Im, "Malware Family Classification Method using API Sequential Characteristic," Journal of Security Engineering, 8(2), pp. 319-335, Apr. 2011 |
12 | Kazuki Iwamoto and Katsumi Wasaki, "Malware classification based on extracted API Sequences using static analysis," 12 Proceedings of the Asian Internet Engineering Conference, pp. 31-38, Nov. 2012. |
13 | Vinod P, H.Jain, Y.K.Golecha, M.S. Gaur, and V.Laxmi, "MEDUSA: Metamorphic malware dynamic analysis using signature from API," Proceedings of the 3rd International Conference on Security of Information and Networks, pp. 263-269, Sep. 2010. |
14 | Younghee Park, Douglas Reeves, Vikram Mulukutla, and Balaji Sundaravel, "Fast malware classification by automated behavioral graph matching," Proceedings of the 6th Annual Workshop on Cyber Security and Information Intelligence Research, Apr. 2010. |
15 | N-gram, Wikipedia, available at http://en.wikipedia.org/wiki/N-gram [Accessed: 1st September 2014] |
16 | I.Jolliffe, Principal component analysis, 2nd Ed., Springer, 488 p, 2002 |
17 | Science&Technology Security Center, available at http://www.sntsec.or.kr/ [Accessed: 1st September 2014] |
18 | Virustotal homepage, available at https://www.virustotal.com/ko/ [Accessed: 1st September 2014] |
19 | Antivirus and Threat Report: January 2014, available at http://www.opswat.com/about/media/reports/antivirusjanuary-2014 [Accessed: 1st September 2014] |
20 | Cuckoosandbox homepage, available at http://www.cuckoosandbox.org/ [Accessed: 1st September 2014] |
21 | Chaetae Im, JooHyung Oh, and Hyuncheol Jeong, "Study of Technical Trends and Analysis Method of Recent Malware," Journal of The Korea Information Science Society, 28(11), pp. 117-126, Nov. 2010 |
22 | Ekta Gandotra, Divya Bansal, and Sanjeev Sofat, "Malware analysis and classification: a survey," Journal of Information Security, vol. 5, no. 2, pp. 56-64, Apr. 2014 |
23 | API, Wikipedia, available at http://ko.wikipedia.org/wiki/API [Accessed: 1st September 2014] |