Present-day malware is stealthy and dynamic, and it uses administrative rights to control victim computers. Malware writers rely on evasion techniques such as code obfuscation, packing, compression, encryption or polymorphism to avoid detection by anti-virus (AV) scanners, because AV scanners primarily use syntactic signatures to detect known malware. Our approach is based on the semantic aspect of a PE executable: it analyses API Call-grams to detect unknown malicious code. As inexact source code is analysed, the machine is not infected by the executable. Moreover, static analysis covers all paths of the code, which is not possible with dynamic behavioural methods, as the latter do not guarantee execution of the sample being analysed. Modern malicious samples also detect controlled virtual and emulated environments and stop functioning. A semantic-invariant approach is important because the signatures of known samples are changed by code obfuscation tools. Static analysis is performed by generating an API call graph from the control flow of an executable, then mining the call graph as API Call-grams to detect malicious files.