RT Journal Article
T1 Contextual Identification of Windows Malware through Semantic Interpretation of API Call Sequence
A1 Amer, Eslam
A1 El-Sappagh, Shaker
A1 Hu, Jon Wan
K1 Malware detection
K1 API call sequence
K1 Contextual behavior
K1 Malware mimicry
AB The proper interpretation of the malware API call sequence plays a crucial role in identifying its malicious intent. Moreover, there is a necessity to characterize smart malware mimicry activities that resemble goodware programs. Those types of malware imply further challenges in recognizing their malicious activities. In this paper, we propose standard and straightforward contextual behavioral models that characterize Windows malware and goodware. We relied on word embedding to realize the contextual association that may occur between API functions in malware sequences. Our empirical results proved that there is a considerable distinction between malware and goodware call sequences. Based on that distinction, we propose a new method to detect malware that relies on the Markov chain. We also propose a heuristic method that identifies malware's mimicry activities by tracking the likelihood behavior of a given API call sequence. Experimental results showed that our proposed model outperforms other peer models that rely on API call sequences. Our model returns an average malware detection accuracy of 0.990, with a false positive rate of 0.010. Regarding malware mimicry, our model shows a noteworthy average accuracy of 0.993 in detecting false positives.
PB MDPI
YR 2020
FD 2020
LK http://hdl.handle.net/10347/24065
UL http://hdl.handle.net/10347/24065
LA eng
NO Amer, E.; El-Sappagh, S.; Hu, J.W. Contextual Identification of Windows Malware through Semantic Interpretation of API Call Sequence. Appl. Sci. 2020, 10, 7673
NO This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2020R1A4A4079299)
DS Minerva
RD 26 Apr 2026