Foreign conference: Computational Intelligence in Cyber Security, 2009. CICS '09

Study of fuzzy clustering methods for malicious codes using native API call frequency


Abstract

The Native API is a system call which can only be accessed with the authentication of the administrator. It can be used to detect a variety of malicious codes which can only be executed with the administrator's authority. Therefore, much research is being done on detection methods that use the characteristics of the Native API. Most of this research uses supervised learning methods from machine learning. However, the classification standards of anti-virus companies do not reflect the characteristics of Native API calls. As a result, the population data used in the supervised learning methods is not accurate. Therefore, more research is needed on classification standards that use the Native API for detection. This paper proposes a method for classifying malicious codes using a fuzzy clustering method with the Native API call standard. The accuracy of the proposed method is evaluated by using machine learning to compare its detection rates with those of previous classification methods.