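@comment{ICONIP 2018 paper on unsupervised clustering of malware samples by their
  API call sequences (OM / LCS / LCP sequence distances feeding hierarchical
  clustering; LCP reported as best on quality and linear-time cost). Cleaned
  from an auto-export: names in "Last, First" form, acronyms in title and
  booktitle brace-protected so sentence-casing styles keep them, the Unicode
  en dash in the abstract replaced by the LaTeX "--" to match the
  {\textcopyright} escape already used in note, brace delimiters and aligned
  fields. The citation key is kept unchanged so existing \cite commands still
  resolve. address is country-level in the export; the publisher city is not
  given here -- confirm before relying on it.}
@inproceedings{05d0993979a94df197407b52dfd65fb0,
  author    = {{Al Shamsi}, Fatima and Woon, {Wei Lee} and Aung, Zeyar},
  editor    = {Ozawa, Seiichi and Leung, {Andrew Chi Sing} and Cheng, Long},
  title     = {Discovering Similarities in Malware Behaviors by Clustering of {API} Call Sequences},
  booktitle = {Neural Information Processing - 25th International Conference, {ICONIP} 2018, Proceedings},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Verlag},
  address   = {Germany},
  year      = {2018},
  pages     = {122--133},
  doi       = {10.1007/978-3-030-04212-7_11},
  isbn      = {9783030042110},
  language  = {British English},
  keywords  = {API calls, Clustering, Malware, Malware patterns},
  abstract  = {New genres of malware are evading detection by using polymorphism, obfuscation and encryption techniques. Hence, new strategies are needed to overcome the limitations of current malware analysis practices. In this paper, we propose an unsupervised learning (clustering) framework to complement the supervised learning (i.e., classifier-based malware detection) approach. We cluster malware instances to discover similarities in their dynamic behaviors and to detect new malware families. For that, we utilize Application Programming Interface (API) call sequences to represent the behaviors of malware in dynamic runtime environment. We investigate three sequence comparison algorithms, namely, Optimal Matching (OM), Longest Common Subsequence (LCS), and Longest Common Prefix (LCP) for calculating sequence--sequence distances to be used for hierarchical clustering. Among the three algorithms, LCP is found to be both the most effective in terms of clustering quality and the most efficient in terms of time complexity (linear-time).},
  note      = {Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2018; 25th International Conference on Neural Information Processing, ICONIP 2018; Conference date: 13-12-2018 Through 16-12-2018},
}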