Authors: Nishant Kumar; Lokesh Yadav; Deepak Singh Tomar
Addresses: Maulana Azad National Institute of Technology, Madhya Pradesh 462003, India (all authors)
Abstract: Nowadays, malware is being developed and deployed on a large scale, which poses a critical security threat to digital devices. Therefore, effective analysis of malware is an important concern for security experts. Malware exploits security vulnerabilities of the device and compromises the security of computing environments. Static analysis is a time-consuming approach and requires a lot of manual effort. To overcome this limitation, dynamic analysis was carried out in this paper by executing the malicious code, which is capable of identifying multi-functional malware. Sometimes dynamic analysis is unable to handle obfuscated malware because of the malware's API hooking capability. Hence, an approach was applied that combines the dynamic analysis technique with the memory analysis technique to provide an effective and efficient method for analysing malware using API calls. This approach was performed in a safe and isolated environment to capture the behaviour of the malware. This study shows a noteworthy improvement in accuracy, i.e., 98.62%, and a reduction in the false positive rate, i.e., 1.3%.
Keywords: malware; malware analysis; memory dumps; dynamic analysis; API calls; machine learning.
International Journal of Swarm Intelligence, 2021 Vol.6 No.2, pp.93 - 105
Received: 10 Jun 2020
Accepted: 27 Nov 2020
Published online: 29 Oct 2021