Differentiating malware from cleanware using behavioural analysis
Tian, Ronghua, Islam, Rafiqul, Batten, Lynn and Versteeg, Steve 2010, Differentiating malware from cleanware using behavioural analysis, in MALWARE 2010 : Proceedings of the 5th International Conference on Malicious and Unwanted Software 2010, IEEE, Piscataway, N.J., pp. 23-30.
This paper proposes a scalable approach for distinguishing malicious files from clean files by investigating the behavioural features using logs of various API calls. We also propose, as an alternative to the traditional method of manually identifying malware files, an automated classification system using runtime features of malware files. For both projects, we use an automated tool running in a virtual environment to extract API call features from executables and apply pattern recognition algorithms and statistical methods to differentiate between files. Our experimental results, based on a dataset of 1368 malware and 456 cleanware files, provide an accuracy of over 97% in distinguishing malware from cleanware. Our techniques provide a similar accuracy for classifying malware into families. In both cases, our results outperform comparable previously published techniques.
Field of Research
080303 Computer System Security
Socio Economic Objective
890206 Internet Hosting Services (incl. Application Hosting Services)