Polymorphic Malicious Executable Scanner by API Sequence Analysis

Kitakyushu, Japan December 05-December 08

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ICHIS.2004.75

Fourth International Conference on Hy ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by J-Y. Xu Articles by A. H. Sung Articles by P. Chavez Articles by S. Mukkamala

	ASCII Text	x
	J-Y. Xu, A. H. Sung, P. Chavez, S. Mukkamala, "Polymorphic Malicious Executable Scanner by API Sequence Analysis," Hybrid Intelligent Systems, International Conference on, pp. 378-383, Fourth International Conference on Hybrid Intelligent Systems (HIS'04), 2004.

	BibTex	x
	@article{ 10.1109/ICHIS.2004.75, author = {J-Y. Xu and A. H. Sung and P. Chavez and S. Mukkamala}, title = {Polymorphic Malicious Executable Scanner by API Sequence Analysis}, journal ={Hybrid Intelligent Systems, International Conference on}, volume = {0}, year = {2004}, isbn = {0-7695-2291-2}, pages = {378-383}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICHIS.2004.75}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Hybrid Intelligent Systems, International Conference on TI - Polymorphic Malicious Executable Scanner by API Sequence Analysis SN - 0-7695-2291-2 SP378 EP383 A1 - J-Y. Xu, A1 - A. H. Sung, A1 - P. Chavez, A1 - S. Mukkamala, PY - 2004 KW - null VL - 0 JA - Hybrid Intelligent Systems, International Conference on ER -

J-Y. Xu, New Mexico Tech

A. H. Sung, New Mexico Tech

P. Chavez, New Mexico Tech

S. Mukkamala, New Mexico Tech

The proliferation of malware (viruses, Trojans, and other malicious code) in recent years has presented a serious threat to enterprises, organizations, and individuals. Polymorphic (or variant versions of) computer viruses are more complex and difficult than their original versions to detect, often requiring antivirus companies to spend much time to create the routines needed to catch them. In this paper, we propose a new approach for detecting polymorphic malware in the Windows platform. Our approach rests on an analysis based on the Windows API calling sequence that reflects the behavior of a piece of particular code. The analysis is carried out directly on the PE (portable executable) code. It is achieved in two major steps: construct the API calling sequences for both the known virus and the suspicious code, and perform a similarity measurement between the two sequences after a sequence realignment operation is done. Favorable experimental results are obtained and presented.

Citation:

J-Y. Xu, A. H. Sung, P. Chavez, S. Mukkamala, "Polymorphic Malicious Executable Scanner by API Sequence Analysis," his, pp.378-383, Fourth International Conference on Hybrid Intelligent Systems (HIS'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.