Study on Malware Detection Based on API Calls Characteristic
| Field | Value |
|---|---|
| Title | Study on Malware Detection Based on API Calls Characteristic |
| Chinese title | 基於API呼叫特徵機制於惡意程式偵測之研究 |
| Main author | Jyun-Wei Lin (林駿威) |
| Advisors | Wen-Chung Kuo (郭文中), Lih-Chyau Wuu (伍麗樵) |
| Degree | Master's (碩士) |
| Institution | National Yunlin University of Science and Technology (國立雲林科技大學) |
| Department | Department of Computer Science and Information Engineering (資訊工程系) |
| Academic year | 103 (ROC calendar) |
| Published | 2015 |
| Format | Thesis (學位論文), 49 pages |
| Language | zh-TW |
| Online access | http://ndltd.ncl.edu.tw/handle/cyv575 |
| Record id | ndltd-TW-103YUNT0392009 (NDLTD, oai_dc; record last updated 2019-06-27) |

Abstract:

In recent years, with the rapid development, popularization and application of computers and networks, daily life has become more and more convenient. However, many information technology crimes have emerged as well. Traditional crime patterns have been evolving into cybercrime patterns, and traditional forensic evidence methods are no longer enough to contend with them. Therefore, the judiciary has started using various information technology methods to obtain information stored in computers and storage media. At the same time, cybersecurity is threatened by crimes such as manufacturing and spreading computer viruses, stealing information, hacking and sabotage, so law enforcement agencies face new difficulties and challenges. To address the problem that current malware detection methods cannot effectively detect and analyze malware, this paper proposes a new framework for malware behavior identification and classification that applies a static approach. Our proposed method analyzes the API functions and parameters used by malware to determine the type of malware and to observe its behavior. The detection method consists of two stages. First, we extract the Import Address Table (IAT) from the structure of the PE file and take the combination of API calls as the analysis target; the sets of API calls that each type of malware must use are treated as feature vectors for analyzing the malware. Second, in addition to determining the APIs used by malware, we also analyze their parameters to achieve better detection accuracy. Experimental results show that our proposed malware detection framework can effectively detect malware and categorize its type, and help investigators with the forensic analysis of malware.