http://dx.doi.org/10.13089/JKIISC.2021.31.4.605

Malware Family Detection and Classification Method Using API Call Frequency  

Joe, Woo-Jin (Chungnam National University)
Kim, Hyong-Shik (Chungnam National University)
Abstract
While malware must be accurately identifiable from arbitrary programs, existing studies using classification techniques are limited in that they apply only to a restricted set of samples. In this work, we propose a method that uses API call frequency to detect and classify malware families from arbitrary programs. The proposed method defines a rule that checks whether the call frequency of a particular API exceeds a threshold, and identifies a specific family from the rate at which the rules associated with that family are satisfied. A decision tree algorithm is applied to define the optimal threshold that accurately identifies a particular family from the training set. Performance measurements on 4,443 samples showed 85.1% precision and 91.3% recall for family detection, and 97.7% precision and 98.1% recall for classification, confirming that the method distinguishes malware families effectively.
Keywords
Malware; Family; Detection; Classification; API;
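The abstract describes per-API threshold rules learned with a decision tree and a family decided by the rate at which its rules fire. The following Python sketch is an added example, not the authors' code: the threshold for each API is chosen by a one-level decision tree (a Gini-impurity stump, an assumption, since the abstract does not state the split criterion), the `max_impurity` and `min_rate` parameters are assumed, and the sandbox call counts, API names and family labels are constructed.

```python
# Added example, not the paper's own code; every sample value below is constructed.
def gini(labels):  # impurity of a 0/1 label list (0.0 for an empty list)
    p = sum(labels) / len(labels) if labels else 0.0
    return 1.0 - p * p - (1.0 - p) ** 2
def best_threshold(values, labels):
    """Decision stump: the cut t between neighbouring observed counts that
    minimises the weighted Gini of {value > t} versus {value <= t}."""
    pts = sorted(set(values))
    best_t, best_g = None, 1.0
    for lo, hi in zip(pts, pts[1:]):
        t = (lo + hi) / 2
        above = [l for v, l in zip(values, labels) if v > t]
        below = [l for v, l in zip(values, labels) if v <= t]
        g = (len(above) * gini(above) + len(below) * gini(below)) / len(values)
        if g < best_g:
            best_t, best_g = t, g
    return best_t, best_g

def learn_rules(train, family, max_impurity=0.2):
    """{api: t} rules 'calls(api) > t' whose '>' side is mostly `family`;
    train is a list of (family_label, {api: call count})."""
    labels = [1 if f == family else 0 for f, _ in train]
    rules = {}
    for api in sorted({a for _, counts in train for a in counts}):
        values = [counts.get(api, 0) for _, counts in train]
        t, g = best_threshold(values, labels)
        if t is None or g > max_impurity:
            continue  # no clean split on this API
        above = [l for v, l in zip(values, labels) if v > t]
        if sum(above) / len(above) > 0.5:
            rules[api] = t
    return rules

def match_rate(rules, counts):  # fraction of a family's rules that fire
    fired = sum(counts.get(a, 0) > t for a, t in rules.items())
    return fired / len(rules) if rules else 0.0
def classify(models, counts, min_rate=0.5):
    """Detection: best family's rate reaches min_rate; classification: its name."""
    best = max(models, key=lambda f: match_rate(models[f], counts))
    return best if match_rate(models[best], counts) >= min_rate else "unknown"

TRAIN = [  # constructed sandbox call counts: (family, {api: count})
    ("ransom", {"CryptEncrypt": 120, "WriteFile": 300, "RegSetValueExW": 2}),
    ("ransom", {"CryptEncrypt": 95, "WriteFile": 210, "RegSetValueExW": 1}),
    ("keylog", {"GetAsyncKeyState": 900, "WriteFile": 40, "RegSetValueExW": 5}),
    ("keylog", {"GetAsyncKeyState": 700, "WriteFile": 25, "RegSetValueExW": 4}),
    ("benign", {"WriteFile": 30, "RegSetValueExW": 3}),
    ("benign", {"WriteFile": 12, "CryptEncrypt": 1}),
]
MODELS = {f: learn_rules(TRAIN, f) for f in ("ransom", "keylog")}
```

A sample whose best family rate stays below `min_rate` is reported as `unknown`, which is the detection decision; the family name is the classification decision.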