Title: Analysis of malware by integrating API extracted from dynamic and memory analysis

Authors: Nishant Kumar; Lokesh Yadav; Deepak Singh Tomar

Addresses: Maulana Azad National Institute of Technology, Madhya Pradesh 462003, India ' Maulana Azad National Institute of Technology, Madhya Pradesh 462003, India ' Maulana Azad National Institute of Technology, Madhya Pradesh 462003, India

Abstract: Nowadays, malware is being developed and implemented on a large-scale, which poses a critical security threat to digital devices. Therefore, effective analysis of malware is an important concern for security experts. Malware software exploits security vulnerabilities of the device and compromises the security of computing settings. Static analysis is a time-consuming approach and requires a lot of manual effort. To overcome this limitation, dynamic analysis was carried in this paper by performing malicious code execution capable enough in identifying multi-functional malware. Sometimes dynamic analysis is unable to handle obfuscated malware due to its API hooking capability. Hence, an approach was applied to combine dynamic analysis technique with memory analysis technique to provide an effective and efficient method for analysing malware using API calls. This approach was performed in a safe and isolated environment to capture the behaviour of the malware. This study shows a noteworthy improvement in accuracy, i.e., 98.62% and reduction in false positive rate, i.e., 1.3%.

Keywords: malware; malware analysis; memory dumps; dynamic analysis; API calls; machine learning.

DOI: 10.1504/IJSI.2021.118605

International Journal of Swarm Intelligence, 2021 Vol.6 No.2, pp.93 - 105

Received: 10 Jun 2020
Accepted: 27 Nov 2020

Published online: 29 Oct 2021 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article