Malware Analysis using Multiple API Sequence Mining Control Flow Graph
| Autor: | Singh, Anishka, Arora, Rohit, Pareek, Himanshu |
|---|---|
| Rok vydání: | 2017 |
| Předmět: | |
| Druh dokumentu: | Working Paper |
| Popis: | Malwares are becoming persistent by creating full- edged variants of the same or different family. Malwares belonging to same family share same characteristics in their functionality of spreading infections into the victim computer. These similar characteristics among malware families can be taken as a measure for creating a solution that can help in the detection of the malware belonging to particular family. In our approach we have taken the advantage of detecting these malware families by creating the database of these characteristics in the form of n-grams of API sequences. We use various similarity score methods and also extract multiple API sequences to analyze malware effectively. Comment: We really appreciate your work. This one is smart, short, efficient and well explained. This is a quality work that deserves to be published. Just few questions, which are more about curiosity than something else... First, when you disassemble opcodes and draw the CFG, how you treat instructions such as: call rax, jmp rbx, movcc, jcc rcx |
| Databáze: | arXiv |
| Externí odkaz: |
|