Prof Ashkan Sami A.Sami@napier.ac.uk
Professor
Babak Yadegari
Hossein Rahimi
Naser Peiravian
Sattar Hashemi
Ali Hamze
Financial loss due to malware nearly doubles every two years. For instance, in 2006 malware caused nearly 33.5 million GBP in direct financial losses to member organizations of UK banks alone. Recent malware cannot be detected by traditional signature-based anti-malware tools because of its polymorphic and/or metamorphic nature. Detecting malware by its immutable characteristics has become a recent industrial practice, but the datasets are not public; the results are therefore not reproducible, and conducting such research in an academic setting is difficult. In this work, we have not only significantly improved a recent method of malware detection based on mining Application Programming Interface (API) calls, but have also created the first public dataset to promote malware research.
Our technique first reads the sets of API calls used in a collection of Portable Executable (PE) files, then generates a set of discriminative and domain-interpretable features. These features are then used to train a classifier to detect unseen malware. We have achieved a detection rate of 99.7% while keeping accuracy as high as 98.3%. Our method improves on the state of the art in several respects: accuracy by 5.24%, detection rate by 2.51%, and the false alarm rate is reduced from 19.86% to 1.51%. This project's data and source code can be found at http://home.shirazu.ac.ir/~sami/malware.
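The following Python sketch is an added illustration of the pipeline the abstract describes (mine API call sets, select discriminative and interpretable features, train a classifier, measure detection rate, accuracy and false alarm rate); it is not the paper's code or dataset. It assumes each PE file's imported API names have already been extracted from its import table, the API call sets and labels are constructed for illustration, and the information-gain feature scoring and Bernoulli naive Bayes classifier are this example's own choices rather than necessarily those of the paper.

```python
"""Added example (not the paper's code or dataset): mining API call sets to
detect malware. Assumes each PE file's imported API names were already read
from its import table. Information-gain feature selection and Bernoulli naive
Bayes are this example's own choices, not necessarily the paper's."""
import math
from collections import Counter

# Constructed training data: (set of imported API names, label); 1 = malware, 0 = benign.
TRAIN = [
    ({"CreateFileA", "WriteFile", "CloseHandle", "GetModuleHandleA"}, 0),
    ({"MessageBoxA", "GetModuleHandleA", "ExitProcess"}, 0),
    ({"CreateFileA", "ReadFile", "CloseHandle", "RegOpenKeyExA"}, 0),
    ({"GetModuleHandleA", "LoadLibraryA", "GetProcAddress", "printf"}, 0),
    ({"CreateWindowExA", "ShowWindow", "GetMessageA", "DispatchMessageA"}, 0),
    ({"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "OpenProcess"}, 1),
    ({"RegSetValueExA", "RegOpenKeyExA", "CopyFileA", "CreateFileA", "URLDownloadToFileA"}, 1),
    ({"InternetOpenA", "InternetOpenUrlA", "URLDownloadToFileA", "WinExec"}, 1),
    ({"GetAsyncKeyState", "SetWindowsHookExA", "InternetOpenA", "HttpSendRequestA"}, 1),
    ({"VirtualAllocEx", "WriteProcessMemory", "RegSetValueExA", "LoadLibraryA", "GetProcAddress"}, 1),
]
# Constructed "unseen" samples used to measure the classifier.
TEST = [
    ({"CreateFileA", "WriteFile", "CloseHandle", "MessageBoxA"}, 0),
    ({"GetModuleHandleA", "ExitProcess", "printf"}, 0),
    ({"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}, 1),
    ({"InternetOpenA", "URLDownloadToFileA", "WinExec", "RegSetValueExA"}, 1),
]


def entropy(labels):
    """Shannon entropy (bits) of a list of class labels; an empty list has entropy 0."""
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())


def information_gain(samples, api):
    """Reduction in label uncertainty from knowing whether `api` is imported."""
    n = len(samples)
    labels = [y for _, y in samples]
    present = [y for s, y in samples if api in s]
    absent = [y for s, y in samples if api not in s]
    return entropy(labels) - (len(present) / n) * entropy(present) - (len(absent) / n) * entropy(absent)


def select_features(samples, k):
    """Keep the k most discriminative API names; each feature is an API an analyst can interpret."""
    apis = set().union(*(s for s, _ in samples))
    ranked = sorted(apis, key=lambda a: (-information_gain(samples, a), a))
    return ranked[:k]


class BernoulliNB:
    """Naive Bayes over binary 'API imported or not' features, with Laplace smoothing."""

    def __init__(self, features):
        self.features = features

    def fit(self, samples):
        counts = {0: Counter(), 1: Counter()}
        per_class = Counter(y for _, y in samples)
        for api_set, y in samples:
            counts[y].update(f for f in self.features if f in api_set)
        self.prior = {y: per_class[y] / len(samples) for y in (0, 1)}
        # P(feature present | class), smoothed so an unseen feature never gives probability 0.
        self.p = {y: {f: (counts[y][f] + 1) / (per_class[y] + 2) for f in self.features} for y in (0, 1)}
        return self

    def _log_posterior(self, api_set, y):
        total = math.log(self.prior[y])
        for f in self.features:
            p = self.p[y][f]
            total += math.log(p) if f in api_set else math.log(1 - p)
        return total

    def predict(self, api_set):
        return max((0, 1), key=lambda y: self._log_posterior(api_set, y))


def evaluate(model, samples):
    """Detection rate = TP/(TP+FN); false alarm rate = FP/(FP+TN); accuracy = (TP+TN)/all."""
    tp = fp = tn = fn = 0
    for api_set, y in samples:
        pred = model.predict(api_set)
        if y == 1:
            tp, fn = (tp + 1, fn) if pred == 1 else (tp, fn + 1)
        else:
            fp, tn = (fp + 1, tn) if pred == 1 else (fp, tn + 1)
    total = tp + fp + tn + fn
    return {
        "accuracy": (tp + tn) / total,
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
        "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


def run_pipeline(train, test, k=7):
    """Select features on the training set, fit the classifier, score the unseen set."""
    features = select_features(train, k)
    model = BernoulliNB(features).fit(train)
    return features, evaluate(model, test)


if __name__ == "__main__":
    feats, metrics = run_pipeline(TRAIN, TEST)
    print("selected APIs:", feats)
    print(metrics)
```

Feature selection happens only on the training set, so the reported metrics reflect unseen samples, which is the setting the abstract's detection rate and false alarm rate refer to. The selected features remain API names, so an analyst can read off why a sample was flagged.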
Sami, A., Yadegari, B., Rahimi, H., Peiravian, N., Hashemi, S., & Hamze, A. (2010, March). Malware detection based on mining API calls. Presented at The 2010 ACM Symposium, Sierre, Switzerland
| Field | Value |
|---|---|
| Presentation Conference Type | Conference Paper (published) |
| Conference Name | The 2010 ACM Symposium |
| Start Date | Mar 22, 2010 |
| End Date | Mar 26, 2010 |
| Online Publication Date | Mar 22, 2010 |
| Publication Date | 2010 |
| Deposit Date | Dec 2, 2022 |
| Publisher | Association for Computing Machinery (ACM) |
| Pages | 1020-1025 |
| Book Title | SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing |
| DOI | https://doi.org/10.1145/1774088.1774303 |
| Public URL | http://researchrepository.napier.ac.uk/Output/2925498 |