Title: Malware detection model based on classifying system calls and code attributes: a proof of concept

Authors: Malik F. Saleh

Addresses: Prince Mohammad Bin Fahd University, P.O. Box 1664 Al Khobar 31952, Kingdom of Saudi Arabia

Abstract: The process of malware detection involves static code analysis and dynamic analysis. Both methods have limitations. This research tried to bridge the gap between the two methods by dynamically predicting the risk before the static analysis. The proof-of-concept examined the code of known malwares and concluded that five characteristics of the code will predict the risk of any executable file, namely, the system function, encryption, code obfuscation, stalling code, and checking for the debugger environment. The proof-of-concept validates the effectiveness of the model. It shows 96% success and limited false-positives results.

Keywords: malware; malware detection; system calls; classifying system calls; static analysis; dynamic analysis.

DOI: 10.1504/IJESDF.2019.098772

International Journal of Electronic Security and Digital Forensics, 2019 Vol.11 No.2, pp.183 - 193

Received: 20 Dec 2017
Accepted: 01 Mar 2018

Published online: 02 Apr 2019 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article