Autosoft Journal

Malware Analysis and Classification Using Sequence Alignments



Abstract

With the increasing use of the Internet, the number of newly discovered malware samples grows every year. Malware is also becoming more complex, using techniques such as packing and anti-debugging to resist analysis. To cope with the large volume of malware seen every day, improving the analysis process is essential. One way to speed up malware analysis is to classify unknown or new malware into known malware families, where a malware family is a group of malware that share common modules and exhibit similar malicious behavior. This paper proposes a malware family classification framework based on sequence alignment, a method widely used in bioinformatics. The proposed framework finds common parts of the API call sequences invoked by malware, and these shared API subsequences can be used to identify similar behavior across malware variants. Because sequence alignment methods usually carry high performance overheads, the framework applies a couple of techniques to reduce them. The framework was tested on several malware families, and the experimental results show that it can be used to classify malware families, since there is a clear difference in similarity between malware in the same family and malware in different families.
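As an added worked example (not code from the paper and not the authors' implementation): the abstract's core idea, aligning API call sequences to find a shared segment and turning the alignment score into a family similarity, implemented with Smith-Waterman local alignment over API names in Python. The family names, API traces, scoring scheme (match +2, mismatch -1, gap -1), the run-collapsing preprocessing step and the 0.6 decision threshold are all assumptions constructed for this example; the paper's own overhead-reduction techniques and parameters are not given on this page.

```python
"""Local alignment of API-call sequences for malware-family scoring.

Added example, not code from the paper. All traces, names, scores and
thresholds below are constructed for illustration.
"""
from typing import Dict, List, Tuple

MATCH, MISMATCH, GAP = 2, -1, -1  # assumed scoring scheme


def collapse_runs(seq: List[str]) -> List[str]:
    """Collapse consecutive repeats (e.g. a ReadFile loop) into one call.

    Assumed overhead-reduction step: it shrinks the O(n*m) alignment table
    without changing which calls occur in which order.
    """
    out: List[str] = []
    for call in seq:
        if not out or out[-1] != call:
            out.append(call)
    return out


def smith_waterman(a: List[str], b: List[str]) -> Tuple[int, List[str]]:
    """Return (best local score, API calls matched in that local alignment)."""
    n, m = len(a), len(b)
    H = [[0] * (m + 1) for _ in range(n + 1)]
    best, best_pos = 0, (0, 0)
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            diag = H[i - 1][j - 1] + (MATCH if a[i - 1] == b[j - 1] else MISMATCH)
            H[i][j] = max(0, diag, H[i - 1][j] + GAP, H[i][j - 1] + GAP)
            if H[i][j] > best:
                best, best_pos = H[i][j], (i, j)
    # Traceback from the best cell: collect the calls both sequences share
    # in the highest-scoring common segment (gaps and mismatches are skipped).
    matched: List[str] = []
    i, j = best_pos
    while i > 0 and j > 0 and H[i][j] > 0:
        score = MATCH if a[i - 1] == b[j - 1] else MISMATCH
        if H[i][j] == H[i - 1][j - 1] + score:
            if score == MATCH:
                matched.append(a[i - 1])
            i, j = i - 1, j - 1
        elif H[i][j] == H[i - 1][j] + GAP:
            i -= 1
        else:
            j -= 1
    matched.reverse()
    return best, matched


def similarity(a: List[str], b: List[str]) -> float:
    """Normalise the local score to [0, 1] by the best score the shorter trace could reach."""
    a, b = collapse_runs(a), collapse_runs(b)
    if not a or not b:
        return 0.0
    score, _ = smith_waterman(a, b)
    return score / (MATCH * min(len(a), len(b)))


# Constructed API traces standing in for known family members (not real samples).
FAMILY_SAMPLES: Dict[str, List[List[str]]] = {
    "fam_net": [
        ["LoadLibraryA", "GetProcAddress", "InternetOpenA", "InternetOpenUrlA",
         "InternetReadFile", "CreateFileA", "WriteFile", "CloseHandle"],
        ["GetModuleHandleA", "InternetOpenA", "InternetOpenUrlA", "InternetReadFile",
         "InternetReadFile", "CreateFileA", "WriteFile", "WriteFile", "CloseHandle", "WinExec"],
    ],
    "fam_hook": [
        ["LoadLibraryA", "GetProcAddress", "SetWindowsHookExA", "GetAsyncKeyState",
         "GetAsyncKeyState", "CreateFileA", "WriteFile", "CloseHandle"],
        ["SetWindowsHookExA", "GetForegroundWindow", "GetAsyncKeyState", "CreateFileA",
         "WriteFile", "CloseHandle", "UnhookWindowsHookEx"],
    ],
}

# Constructed trace of an "unknown" variant: a download-and-write loop with extra calls.
UNKNOWN_SAMPLE = ["LoadLibraryA", "InternetOpenA", "InternetOpenUrlA", "InternetReadFile",
                  "InternetReadFile", "CreateFileA", "WriteFile", "CloseHandle", "ExitProcess"]


def family_scores(unknown: List[str], families: Dict[str, List[List[str]]]) -> Dict[str, float]:
    """Best similarity of the unknown trace against any known member of each family."""
    return {fam: max(similarity(unknown, s) for s in members) for fam, members in families.items()}


def classify(unknown: List[str], families: Dict[str, List[List[str]]], threshold: float = 0.6) -> str:
    """Assign the nearest family, or 'unknown' if nothing clears the (assumed) threshold."""
    scores = family_scores(unknown, families)
    fam, score = max(scores.items(), key=lambda kv: kv[1])
    return fam if score >= threshold else "unknown"


if __name__ == "__main__":
    print(family_scores(UNKNOWN_SAMPLE, FAMILY_SAMPLES))
    print(classify(UNKNOWN_SAMPLE, FAMILY_SAMPLES))
    print(smith_waterman(collapse_runs(UNKNOWN_SAMPLE), collapse_runs(FAMILY_SAMPLES["fam_net"][0]))[1])
```

Local alignment is the relevant variant here because a variant typically inserts or drops calls around a shared core: the unknown trace above still scores well above the hook family because its download-and-write segment aligns end to end despite the missing `GetProcAddress`. The table is O(n*m) per pair, so on real traces of thousands of calls the cost of comparing against every known member adds up; collapsing repeated calls is one generic reduction, comparing against a per-family representative rather than all members is another. A practitioner should also remember that these sequences come from dynamic tracing, so a sample that detects the sandbox or debugger produces a short, truncated trace and a low score against everything; a low score on a short trace says little about the family.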


Pages

Total Pages: 7
Pages: 371-377

DOI
10.1080/10798587.2015.1118916



Published

Volume: 22
Issue: 3
Year: 2016


References

Alazab, Mamoun, Sitalakshmi Venkataraman, and Paul Watters. "Towards Understanding Malware Behaviour by the Extraction of API Calls." 2010 Second Cybercrime and Trustworthy Computing Workshop (2010). https://doi.org/10.1109/CTC.2010.8

Altschul, Stephen F. et al. "Basic Local Alignment Search Tool." Journal of Molecular Biology 215.3 (1990): 403-410. https://doi.org/10.1016/S0022-2836(05)80360-2

Cho, I. K. Journal of Internet Service and Information Security (JISIS).

Egele, Manuel et al. "A Survey on Automated Dynamic Malware-Analysis Techniques and Tools." ACM Computing Surveys 44.2 (2012): 1-42. https://doi.org/10.1145/2089125.2089126

Gandotra, Ekta, Divya Bansal, and Sanjeev Sofat. "Malware Analysis and Classification: A Survey." Journal of Information Security 05.02 (2014): 56-64. https://doi.org/10.4236/jis.2014.52006

Han, K. S. International Journal of Information Security.

Hunt, G. USENIX Windows NT Symposium.

Kang, BooJoong et al. "Malware Categorization Using Dynamic Mnemonic Frequency Analysis with Redundancy Filtering." Digital Investigation 11.4 (2014): 323-335. https://doi.org/10.1016/j.diin.2014.06.003

Natani, Pratiksha, and Deepti Vidyarthi. "Malware Detection Using API Function Frequency with Ensemble Based Classifier." Security in Computing and Communications (2013): 378-388. https://doi.org/10.1007/978-3-642-40576-1_37

Needleman, Saul B., and Christian D. Wunsch. "A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins." Journal of Molecular Biology 48.3 (1970): 443-453. https://doi.org/10.1016/0022-2836(70)90057-4

Saeed, I. A. Analysis.

Smith, T. F., and M. S. Waterman. "Identification of Common Molecular Subsequences." Journal of Molecular Biology 147.1 (1981): 195-197. https://doi.org/10.1016/0022-2836(81)90087-5

Wagener, Gérard, Radu State, and Alexandre Dulaunoy. "Malware Behaviour Analysis." Journal in Computer Virology 4.4 (2007): 279-287. https://doi.org/10.1007/s11416-007-0074-9

Willems, Carsten, Thorsten Holz, and Felix Freiling. "Toward Automated Dynamic Malware Analysis Using CWSandbox." IEEE Security and Privacy Magazine 5.2 (2007): 32-39. https://doi.org/10.1109/MSP.2007.45

JOURNAL INFORMATION


ISSN PRINT: 1079-8587
ISSN ONLINE: 2326-005X
DOI PREFIX: 10.31209 (10.1080/10798587 for issues published with Taylor & Francis)
IMPACT FACTOR: 0.652 (2017/2018)
Journal: 1995-Present




CONTACT INFORMATION


TSI Press
18015 Bullis Hill
San Antonio, TX 78258 USA
PH: 210 479 1022
FAX: 210 479 1048
EMAIL: tsiepress@gmail.com
WEB: http://www.wacong.org/tsi/