Pektaş et al., 2018 - Google Patents
Malware classification based on API calls and behaviour analysis (Pektaş et al., 2018)
- Document ID: 61740704794530236
- Authors: Pektaş A; Acarman T
- Publication year: 2018
- Publication venue: IET Information Security
Snippet
This study presents the runtime behaviour‐based classification procedure for Windows malware. Runtime behaviours are extracted with a particular focus on the determination of a malicious sequence of application programming interface (API) calls in addition to the file …
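The snippet describes a pipeline of the form: record the API calls a Windows sample makes at runtime in a sandbox, turn the call sequence into features that preserve order (so that a malicious *sequence*, not just a bag of API names, is what gets learned), and train a classifier on labelled traces. The block below is an added illustration of that idea, not code from the paper or its authors: it uses a nearest-centroid classifier over API-call bigrams with cosine similarity, and all traces are hand-constructed (the API names are real Win32 exports, but no trace was captured from a real sample). Feature choice, classifier and dataset are assumptions for the example only.

```python
"""Family classification from sandbox API-call traces via n-gram features.

Added example, not the paper's own method: n-gram features over ordered
API-call traces, a nearest-centroid classifier with cosine similarity,
and a helper that lists the call sequences unique to one family.
"""
from collections import Counter
import math

def api_ngrams(trace, n=2):
    """Count overlapping n-grams of API names in one trace; order matters."""
    return Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))

def _cosine(a, b):
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def train_centroids(labelled_traces, n=2):
    """Average the n-gram vectors of each family's traces (one centroid per label)."""
    sums, counts = {}, Counter()
    for label, trace in labelled_traces:
        sums.setdefault(label, Counter()).update(api_ngrams(trace, n))
        counts[label] += 1
    return {label: {k: v / counts[label] for k, v in vec.items()}
            for label, vec in sums.items()}

def classify(trace, centroids, n=2):
    """Return (best_label, {label: similarity}) for an unseen trace."""
    feats = api_ngrams(trace, n)
    scores = {label: _cosine(feats, c) for label, c in centroids.items()}
    return max(scores, key=scores.get), scores

def discriminative_ngrams(centroids, label):
    """n-grams seen in `label`'s centroid and in no other family: candidate
    'malicious sequences' worth turning into detection rules."""
    others = set().union(*(c.keys() for l, c in centroids.items() if l != label))
    return sorted(k for k in centroids[label] if k not in others)

# Constructed training traces (hypothetical, not captured from real samples).
TRAINING = [
    ("ransomware", ["FindFirstFileW", "FindNextFileW", "CryptAcquireContextW", "CryptGenKey",
                    "CryptEncrypt", "WriteFile", "DeleteFileW", "FindNextFileW",
                    "CryptEncrypt", "WriteFile", "DeleteFileW"]),
    ("ransomware", ["FindFirstFileW", "CryptAcquireContextW", "CryptGenKey", "FindNextFileW",
                    "CryptEncrypt", "WriteFile", "DeleteFileW"]),
    ("downloader", ["InternetOpenW", "InternetOpenUrlW", "InternetReadFile", "WriteFile",
                    "InternetReadFile", "WriteFile", "CreateProcessW"]),
    ("downloader", ["InternetOpenW", "InternetOpenUrlW", "InternetReadFile", "WriteFile",
                    "CreateProcessW", "RegSetValueExW"]),
    ("benign", ["CreateFileW", "ReadFile", "ReadFile", "CloseHandle",
                "GetSystemTimeAsFileTime", "CreateFileW", "WriteFile", "CloseHandle"]),
    ("benign", ["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey",
                "CreateFileW", "ReadFile", "CloseHandle"]),
]

# Constructed unseen trace: same encrypt-write-delete loop, different prologue.
UNKNOWN = ["FindFirstFileW", "FindNextFileW", "CryptEncrypt", "WriteFile", "DeleteFileW",
           "FindNextFileW", "CryptEncrypt", "WriteFile", "DeleteFileW"]

if __name__ == "__main__":
    centroids = train_centroids(TRAINING)
    label, scores = classify(UNKNOWN, centroids)
    print("predicted:", label, {k: round(v, 3) for k, v in scores.items()})
    print("ransomware-only sequences:", discriminative_ngrams(centroids, "ransomware"))
```

Two caveats a practitioner would add: bigrams over raw API names are trivially evaded by inserting junk calls or swapping equivalent APIs (`WriteFile` vs `NtWriteFile`), so real systems normalise names and use longer or gapped n-grams; and `WriteFile` alone appears in every family here, which is exactly why ordered sequences rather than single-call counts are needed.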
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F9/00—Arrangements for programme control, e.g. control unit
        - G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
          - G06F9/44—Arrangements for executing specific programmes
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
        - G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F11/00—Error detection; Error correction; Monitoring
        - G06F11/30—Monitoring
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N99/00—Subject matter not provided for in other groups of this subclass
        - G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
      - G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
        - G06K9/62—Methods or arrangements for recognition using electronic means
          - G06K9/6217—Design or setup of recognition systems and techniques; Extraction of features in feature space; Clustering techniques; Blind source separation
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1425—Traffic logging, e.g. anomaly detection
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1433—Vulnerability analysis
Similar Documents
Publication | Title
---|---
Pektaş et al. | Malware classification based on API calls and behaviour analysis
Pektaş et al. | Classification of malware families based on runtime behaviors
Alsaheel et al. | ATLAS: A sequence-based learning approach for attack investigation
Zhang et al. | Enhancing state-of-the-art classifiers with API semantics to detect evolved Android malware
Gibert et al. | The rise of machine learning for detection and classification of malware: Research developments, trends and challenges
Han et al. | Unicorn: Runtime provenance-based detector for advanced persistent threats
Fan et al. | Malicious sequential pattern mining for automatic malware detection
Mohaisen et al. | AMAL: High-fidelity, behavior-based automated malware analysis and classification
Singh et al. | Detection of malicious software by analyzing the behavioral artifacts using machine learning algorithms
Raff et al. | A survey of machine learning methods and challenges for Windows malware classification
Chumachenko | Machine learning methods for malware detection and classification
Tang et al. | Dynamic API call sequence visualisation for malware classification
Rabadi et al. | Advanced Windows methods on malware detection and classification
Gupta et al. | Big data framework for zero-day malware detection
Jang et al. | Mal-Netminer: Malware classification approach based on social network analysis of system call graph
Luckett et al. | Identifying stealth malware using CPU power consumption and learning algorithms
Yagemann et al. | Barnum: Detecting document malware via control flow anomalies in hardware traces
Okane et al. | Malware detection: program run length against detection rate
US20240054210A1 (en) | Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
US20230252144A1 (en) | Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
Pluskal | Behavioural malware detection using efficient SVM implementation
Mithal et al. | Case studies on intelligent approaches for static malware analysis
Bai et al. | Approach for malware identification using dynamic behaviour and outcome triggering
Lv et al. | A heterogeneous graph learning model for cyber-attack detection
Ameer | Android ransomware detection using machine learning techniques to mitigate adversarial evasion attacks