
Windows API Flow Chart-Based Technology Of Malware Detection

Posted on: 2016-12-10
Degree: Master
Type: Thesis
Country: China
Candidate: C Wang
Full Text: PDF
GTID: 2298330467492088
Subject: Computer Science and Technology
Abstract/Summary:
Signature-based detection techniques can hardly meet the requirements of anti-virus detection because they are purely syntactic. A large share of malware evolves from known malware through code obfuscation techniques such as metamorphism and polymorphism, which makes the newly generated variants extremely difficult to detect. This thesis addresses the problems that signature-based detection handles poorly by extracting the Windows API calling sequences of samples, which capture their semantics. If the similarity between the matrix of the file under examination and the matrix of a malware family falls within a threshold, the sample is classified as a variant of that family. The thesis makes two contributions:

1. A newly designed signature extraction method and signature database generation. Collected samples are analyzed to obtain their behavioral features; each sample is then formatted into a two-tuple, and the two-tuples are organized into a database.

2. A malware detection system based on Windows API calls. The thesis proposes a method for extracting the semantic information of a sample, which to some extent overcomes the shortcomings of existing static detection methods.
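The abstract describes the pipeline only at a high level: turn a sample's Windows API calling sequence into a weight matrix, store (sample, matrix) two-tuples as a family database, and compare an unknown file's matrix against the family by similarity under a threshold. The following added example (not code from the thesis) illustrates one concrete way to realize that pipeline. Everything specific is an assumption: the weight matrix is taken to be the normalized count of consecutive API-call transitions, the family profile is the average of its members' matrices, the similarity measure is cosine similarity, and the API sequences and threshold are constructed for the demonstration.

```python
"""Illustrative API-call-sequence family matcher (assumptions, not the thesis's design)."""
import math
from collections import Counter

# Constructed, hypothetical API call sequences. A real pipeline would obtain them
# from static analysis (import table plus call-site ordering) or a sandbox trace.
FAMILY_SAMPLES = {
    "dropper.v1": ["CreateFileW", "WriteFile", "CloseHandle", "CreateProcessW"],
    "dropper.v2": ["CreateFileW", "WriteFile", "CloseHandle", "WinExec"],
    "dropper.v3": ["GetTempPathW", "CreateFileW", "WriteFile", "CloseHandle", "CreateProcessW"],
}
BENIGN_SAMPLE = ["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey", "MessageBoxW"]
UNKNOWN_SAMPLE = ["GetTempPathW", "CreateFileW", "WriteFile", "CloseHandle", "ShellExecuteW"]

# Assumed decision threshold on cosine similarity; a real system would tune it
# against a labelled corpus to balance false positives and false negatives.
THRESHOLD = 0.6


def weight_matrix(api_sequence):
    """Sparse weight matrix: (caller_api, next_api) -> fraction of all transitions.

    Modelling the matrix as transition frequencies (an assumption here) makes it
    insensitive to inserted junk code, renamed registers, or reordered data that
    obfuscation engines produce, as long as the API call order survives.
    A sequence with fewer than two calls has no transitions and yields {}.
    """
    transitions = Counter(zip(api_sequence, api_sequence[1:]))
    total = sum(transitions.values())
    if total == 0:
        return {}
    return {edge: count / total for edge, count in transitions.items()}


def build_database(samples):
    """Signature database as a list of (sample_name, weight_matrix) two-tuples."""
    return [(name, weight_matrix(seq)) for name, seq in samples.items()]


def family_profile(database):
    """Average the member matrices into one representative matrix for the family."""
    profile = Counter()
    for _, matrix in database:
        for edge, weight in matrix.items():
            profile[edge] += weight
    n = len(database)
    return {edge: weight / n for edge, weight in profile.items()} if n else {}


def cosine_similarity(a, b):
    """Cosine similarity between two sparse matrices; 0.0 if either is empty."""
    dot = sum(w * b.get(edge, 0.0) for edge, w in a.items())
    norm_a = math.sqrt(sum(w * w for w in a.values()))
    norm_b = math.sqrt(sum(w * w for w in b.values()))
    if norm_a == 0.0 or norm_b == 0.0:
        return 0.0
    return dot / (norm_a * norm_b)


def classify(api_sequence, profile, threshold=THRESHOLD):
    """Return (similarity, is_variant) for a sample against a family profile."""
    score = cosine_similarity(weight_matrix(api_sequence), profile)
    return score, score >= threshold


if __name__ == "__main__":
    profile = family_profile(build_database(FAMILY_SAMPLES))
    for label, seq in (("unknown", UNKNOWN_SAMPLE), ("benign", BENIGN_SAMPLE)):
        score, hit = classify(seq, profile)
        print(f"{label}: similarity={score:.3f} variant={hit}")
```

The unknown sample shares the drop-to-disk prefix with the family but ends in a different launch API, so its transition matrix overlaps the profile on three of four edges and scores about 0.70, above the assumed threshold; the registry-reading benign sample shares no transitions and scores 0. The single-call and empty-sequence cases return an empty matrix and a similarity of 0 rather than dividing by zero.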
Keywords/Search Tags: malware detection, code obfuscation, weight matrix, Windows API, similarity comparison