Malware Detection Based on API Call Usage Using SVM

Master's === Chung Yuan Christian University === Graduate Institute of Information Engineering === 100 === As the amount of malware increases continually, computers are under serious security threats. An efficient and effective computer malware detection scheme is important to all. Pattern-based malware detection schemes are effective and efficient, but they are not a...

Bibliographic Details
Main Authors: Yu-Chen Tseng, 曾宇辰
Other Authors: Hsiao-Rong Tyan
Format: Others
Language: zh-TW
Published: 2012
Online Access: http://ndltd.ncl.edu.tw/handle/55088601281273725696
id ndltd-TW-100CYCU5392023
record_format oai_dc
spelling ndltd-TW-100CYCU5392023 2015-10-13T21:32:35Z http://ndltd.ncl.edu.tw/handle/55088601281273725696 Malware Detection Based on API Call Usage Using SVM 運用SVM以應用程式介面呼叫為特徵之惡意程式偵測 Yu-Chen Tseng 曾宇辰 Master's Chung Yuan Christian University Graduate Institute of Information Engineering 100 As the amount of malware increases continually, computers are under serious security threats. An efficient and effective computer malware detection scheme is important to all. Pattern-based malware detection schemes are effective and efficient, but they are not able to recognize malware if there is no pre-established pattern. This is a tremendous disadvantage, since great damage can occur before a new piece of malware is captured, analyzed and has its pattern found. On the other hand, a learning-based detection method has the potential to recognize new malware; however, the efficiency and effectiveness of such methods are quite poor in comparison to the pattern-based schemes. In this thesis, we propose a new learning-based detection scheme with the usage of API calls in programs as the features. We carefully studied the properties of API calls and designed a feature set accordingly for our learning-based scheme. An SVM-based detection model is formed by using a set of training programs. A prototype of the proposed method has been developed and tested. It exhibits very high performance in terms of efficiency and effectiveness for both known and unknown programs. Hsiao-Rong Tyan 田筱榮 2012 thesis 54 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === Chung Yuan Christian University === Graduate Institute of Information Engineering === 100 === As the amount of malware increases continually, computers are under serious security threats. An efficient and effective computer malware detection scheme is important to all. Pattern-based malware detection schemes are effective and efficient, but they are not able to recognize malware if there is no pre-established pattern. This is a tremendous disadvantage, since great damage can occur before a new piece of malware is captured, analyzed and has its pattern found. On the other hand, a learning-based detection method has the potential to recognize new malware; however, the efficiency and effectiveness of such methods are quite poor in comparison to the pattern-based schemes. In this thesis, we propose a new learning-based detection scheme with the usage of API calls in programs as the features. We carefully studied the properties of API calls and designed a feature set accordingly for our learning-based scheme. An SVM-based detection model is formed by using a set of training programs. A prototype of the proposed method has been developed and tested. It exhibits very high performance in terms of efficiency and effectiveness for both known and unknown programs.
author2 Hsiao-Rong Tyan
author_facet Hsiao-Rong Tyan
Yu-Chen Tseng
曾宇辰
author Yu-Chen Tseng
曾宇辰
title Malware Detection Based on API Call Usage Using SVM
publishDate 2012
url http://ndltd.ncl.edu.tw/handle/55088601281273725696