An MCA Based Method for API Association Extraction for PE Malware Categorization
Keywords: Malware, malware analysis, multiple correspondence analysis (MCA), Windows API.
Abstract
In computer security, protecting systems against malware has become the main concern of individuals and companies. Unfortunately, existing anti-malware systems are so far unable to provide efficient protection. However, a new generation of powerful malware detection techniques has emerged. One of these techniques is based on the static analysis of the API functions called by a program in order to detect any suspicious behavior. In this paper we provide a method to extract existing associations between the API functions imported by malware code under the Microsoft Windows environment. The main goal of this work is to be able to determine with a high degree of confidence which Windows APIs, and which associations of them, are most likely used by malware. For that purpose we have used a well known and powerful statistical method, Multiple Correspondence Analysis (MCA). We applied the MCA method to a set of APIs extracted beforehand from a large dataset of malware and clean portable executable (PE) files. To our knowledge, this is the first work to use factorial analysis to determine API associations in malware. We assume that this allows more accurate behavior-based malware detection.
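The abstract describes applying MCA to the APIs imported by malware and clean PE files. The following Python is an added illustration, not the paper's code or dataset: it builds the complete disjunctive (present/absent) table from a constructed set of import lists, runs a minimal MCA with a pure-Python power iteration in place of a library SVD, and ranks API pairs by their proximity on the MCA plane, which is the association signal the abstract refers to. Sample labels and API lists are constructed.

```python
import math
from itertools import combinations
# Constructed import lists (not the paper's dataset): key = one PE file,
# value = the Windows API names found in its import table.
SAMPLES = {
    "mal_1": {"RegSetValueExA", "InternetOpenA", "GetTickCount"},
    "mal_2": {"RegSetValueExA", "InternetOpenA"},
    "mal_3": {"RegSetValueExA", "GetTickCount", "CreateFileA"},
    "clean_1": {"CreateFileA", "ReadFile", "MessageBoxA"},
    "clean_2": {"CreateFileA", "ReadFile"},
    "clean_3": {"ReadFile", "MessageBoxA", "GetTickCount"},
}

def mca_api_coordinates(samples, dims=2, iters=300):
    """MCA of the sample x API indicator table. Returns the principal coordinates
    of each API's 'present' level on the first `dims` axes and the axis inertias.
    A pure-Python power iteration on S^T S stands in for a library SVD."""
    apis = sorted(set().union(*samples.values()))
    n, k, m = len(samples), len(apis), 2 * len(apis)
    # Complete disjunctive table: a 'present' and an 'absent' column per API,
    # so every row sums to k and every row mass r_i equals 1/n.
    z = [[1.0 if a in s else 0.0 for a in apis] + [0.0 if a in s else 1.0 for a in apis]
         for s in samples.values()]
    total = n * k
    cmass = [sum(col) / total for col in zip(*z)]          # column masses c_j
    # Standardised residuals S_ij = (P_ij - r_i c_j) / sqrt(r_i c_j).
    s = [[(z[i][j] / total - cmass[j] / n) / math.sqrt(cmass[j] / n) for j in range(m)]
         for i in range(n)]
    a = [[sum(s[i][p] * s[i][q] for i in range(n)) for q in range(m)] for p in range(m)]
    coords, inertia = {api: [] for api in apis}, []
    for _ in range(dims):
        v = [1.0 + 0.1 * j for j in range(m)]              # generic start vector
        for _ in range(iters):                             # power iteration
            w = [sum(a[p][q] * v[q] for q in range(m)) for p in range(m)]
            norm = math.sqrt(sum(x * x for x in w))
            if norm < 1e-12:                               # no inertia left on this axis
                break
            v = [x / norm for x in w]
        lam = max(0.0, sum(v[p] * sum(a[p][q] * v[q] for q in range(m)) for p in range(m)))
        inertia.append(lam)
        for j, api in enumerate(apis):                     # column j is the 'present' level
            coords[api].append(v[j] * math.sqrt(lam) / math.sqrt(cmass[j]))
        a = [[a[p][q] - lam * v[p] * v[q] for q in range(m)] for p in range(m)]  # deflate
    return coords, inertia

def api_associations(coords):
    """API pairs ordered by distance in the MCA plane: closest = most often imported together."""
    return sorted(combinations(sorted(coords), 2),
                  key=lambda pq: math.dist(coords[pq[0]], coords[pq[1]]))
```

On this constructed data the first axis separates the two import profiles, so the APIs that co-occur in the "mal" samples land on one side and those from the "clean" samples on the other; on real corpora an API present in every file (or none) yields an empty level and must be dropped before the table is built.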
License
You are free to:
- Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
- The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
Notices:
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation.
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.