An artificial co-stimulation classifier for malicious API calls classification in portable executable malwares / Saman Mirza Abdulla

Abdulla, Saman Mirza (2012) An artificial co-stimulation classifier for malicious API calls classification in portable executable malwares / Saman Mirza Abdulla. PhD thesis, University of Malaya.

    Recently, most researchers have employed behaviour-based detection systems to classify Portable Executable (PE) malware. They usually try to identify malicious Application Programming Interface (API) calls among the sequence of calls made by a suspected application, relying mostly on measuring the similarity or distance between the suspected API calls and a set of predefined calls collected from normal and malware applications. However, malware always tries to appear normal by hiding its malicious activities. Under such behaviour, the calls made by PE malware become more similar to those of normal applications, which challenges most distinguishing models. This similarity puts the accuracy of most classifier models in a very critical situation, as many misclassified and doubtful results are recorded. Therefore, this work addresses the accuracy problem of API call behaviour classifier models. To achieve that, it proposes a biologically inspired model, the Artificial Costimulation Classifier (ACC). The model mimics the costimulation phenomenon that occurs inside the Human Immune System (HIS) to control errors and to avoid attacks on self cells; costimulation also works as a safety and balance process inside an Artificial Immune System (AIS). To build the ACC model, this work employs a Feed-forward Back-Propagation Neural Network (FFBP-NN) together with Euclidean distance, and uses K-fold cross validation to validate the dataset. The results show that the ACC model improves the accuracy of malicious API call classification up to 90.23%, and a comparison with four other classifier models shows that it outperforms them.
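    The following Python sketch is an added illustration of the two ideas the abstract combines, not code from the thesis and not the ACC model itself: API-call traces are reduced to call-frequency vectors and classified by Euclidean distance to a "normal" and a "malware" centroid, and a costimulation-style second signal must confirm that verdict before it is acted upon, otherwise the sample is reported as doubtful rather than forced into a class. The toy traces, the use of a distance gap as the second signal, and the margin value are all constructed assumptions; the thesis uses a neural network for this role, which the sketch does not reproduce.

```python
"""Distance-based API-call classification with a costimulation-style gate.

Added illustration, not the thesis's ACC model. A trace is a list of API names;
it becomes a call-frequency vector, is compared by Euclidean distance with a
normal and a malware centroid, and a second signal (a clear gap between the two
distances) must confirm the verdict, otherwise the sample is marked doubtful.
"""
import math
from collections import Counter

# Constructed toy traces (hypothetical), not data from the thesis.
NORMAL_TRACES = [
    ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"],
    ["CreateFileW", "ReadFile", "ReadFile", "CloseHandle", "ExitProcess"],
    ["GetModuleHandleW", "LoadLibraryW", "GetProcAddress", "CreateFileW", "CloseHandle"],
    ["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey", "ExitProcess"],
]
MALWARE_TRACES = [
    ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
    ["CreateFileW", "WriteFile", "RegSetValueExW", "CreateRemoteThread"],  # looks normal
    ["LoadLibraryW", "GetProcAddress", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
    ["OpenProcess", "WriteProcessMemory", "RegSetValueExW", "CreateFileW"],
]


def vocabulary(traces):
    """Sorted set of every API name seen in the training traces."""
    return sorted({call for trace in traces for call in trace})


def frequency_vector(trace, vocab):
    """Relative frequency of each vocabulary API in the trace; unseen calls are ignored."""
    counts = Counter(trace)
    return [counts[call] / len(trace) for call in vocab]


def centroid(vectors):
    """Component-wise mean of one class's frequency vectors."""
    return [sum(col) / len(vectors) for col in zip(*vectors)]


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def verdict(d_normal, d_malware, margin):
    """Costimulation-style gate (assumption): the distance signal is acted upon only
    when a second signal, a distance gap of at least `margin`, confirms it."""
    if abs(d_normal - d_malware) < margin:
        return "doubtful"
    return "malware" if d_malware < d_normal else "normal"


class CostimulationClassifier:
    def __init__(self, margin=0.05):  # margin is an assumed tuning value
        self.margin = margin
        self.vocab, self.c_normal, self.c_malware = [], [], []

    def fit(self, normal, malware):
        self.vocab = vocabulary(normal + malware)
        self.c_normal = centroid([frequency_vector(t, self.vocab) for t in normal])
        self.c_malware = centroid([frequency_vector(t, self.vocab) for t in malware])
        return self

    def distances(self, trace):
        """(distance to normal centroid, distance to malware centroid)."""
        v = frequency_vector(trace, self.vocab)
        return euclidean(v, self.c_normal), euclidean(v, self.c_malware)

    def predict(self, trace):
        return verdict(*self.distances(trace), self.margin)


def k_fold(normal, malware, k=4, margin=0.05):
    """K-fold cross validation; returns (accuracy, doubtful rate) over all samples.
    Doubtful verdicts are neither correct nor wrong: they are held back for review."""
    labelled = [(t, "normal") for t in normal] + [(t, "malware") for t in malware]
    correct = doubtful = 0
    for fold in range(k):
        train = [s for i, s in enumerate(labelled) if i % k != fold]
        test = [s for i, s in enumerate(labelled) if i % k == fold]
        clf = CostimulationClassifier(margin).fit(
            [t for t, lab in train if lab == "normal"],
            [t for t, lab in train if lab == "malware"],
        )
        for trace, lab in test:
            v = clf.predict(trace)
            if v == "doubtful":
                doubtful += 1
            elif v == lab:
                correct += 1
    return correct / len(labelled), doubtful / len(labelled)


if __name__ == "__main__":
    clf = CostimulationClassifier().fit(NORMAL_TRACES, MALWARE_TRACES)
    for trace in NORMAL_TRACES[:1] + MALWARE_TRACES[:2]:
        print(trace, "->", clf.predict(trace), [round(d, 3) for d in clf.distances(trace)])
    acc, held = k_fold(NORMAL_TRACES, MALWARE_TRACES)
    print(f"4-fold accuracy {acc:.2f}, doubtful {held:.2f}")
```

    On these toy traces the cross-validation holds back exactly the two samples whose calls look like the other class (the malware trace built from file and registry calls, and the registry-only normal trace): without the gate they would be committed as hard verdicts, one of them wrong; with it they surface as doubtful, which is the error-control role the abstract attributes to costimulation.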

    Item Type: Thesis (PhD)
    Additional Information: Thesis (Ph.D.) -- Faculty of Computer Science and Information Technology, University of Malaya, 2012
    Uncontrolled Keywords: Malware (Computer software); Application program interfaces (Computer software); Computer security; Computer networks--Security measures
    Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
    Divisions: Faculty of Computer Science & Information Technology > Dept of Computer System & Technology
    Depositing User: Mrs Nur Aqilah Paing
    Date Deposited: 12 Jun 2015 10:54
    Last Modified: 12 Jun 2015 10:54
