A Study on Similarity Calculation Method for API Invocation Sequences

机译：API调用序列的相似性计算方法研究

获取原文

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

Malware variants have been developed and spread in the Internet, and the number of new malware variants is increases every year. Recently, malware is applied with obfuscation and mutation techniques to hide its existence, and malware variants are developed with various automatic tools that transform the properties of existing malware to avoid static analysis based malware detection systems. It is difficult to detect such obfuscated malware with static-based signatures, so we have designed a detection system based on dynamic analysis. In this paper, we propose a dynamic analysis based system that uses the API invocation sequences to compare behaviors of suspicious software with behaviors of existing malware.

机译：恶意软件变体已经在互联网上开发并传播，每年都会增加新的恶意软件变体。最近，使用混淆和突变技术来应用恶意软件来隐藏其存在，并且使用各种自动工具开发恶意软件，可转换现有恶意软件的属性以避免基于静态分析的恶意软件检测系统。很难通过基于静态的签名检测这种混淆的恶意软件，因此我们设计了一种基于动态分析的检测系统。在本文中，我们提出了一种基于动态分析的系统，它使用API调用序列与现有恶意软件的行为比较可疑软件的行为。

著录项

来源
《International conference on rough sets and knowledge technology》|2015年||共10页
会议地点
作者
Yu Jin Shim; TaeGuen Kim; Eul Gyu Im;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;
关键词
Malware detection; API invocation sequence; Dynamic analysis; Similarity calculation method;

机译：恶意软件检测;API调用序列;动态分析;相似性计算方法;

相似文献

外文文献
中文文献
专利

1. LSCDroid: Malware Detection Based on Local Sensitive API Invocation Sequences [J] . IEEE Transactions on Reliability . 2020,第1期

机译：LSCDroid：基于本地敏感API调用序列的恶意软件检测
2. Similarity/dissimilarity calculation methods of DNA sequences: A survey [J] . Jin Xin, Jiang Qian, Chen Yanyan, Journal of molecular graphics & modelling . 2017,第期

机译：DNA序列的相似性/异化性计算方法：调查
3. Mining API Usage Patterns from Software Repositories by Categorizing Method Invocations [J] . Rizky Januar Akbar, Takayuki OMORI, Katsuhisa MARUYAMAX 電子情報通信学会技術研究報告 . 2012,第23期

机译：通过对方法调用进行分类来从软件存储库中挖掘API使用模式
4. A Study on Similarity Calculation Method for API Invocation Sequences [C] . Yu Jin Shim, TaeGuen Kim, Eul Gyu Im Rough sets and knowledge technology . 2015

机译：API调用序列相似度计算方法研究
5. Fast Edit Distance Calculation Methods for NGS Sequence Similarity [D] . Islam, A. K. M. Tauhidul. 2020

机译：NGS序列相似性快速编辑距离计算方法
6. An Efficient Parallel Algorithm for Multiple Sequence Similarities Calculation Using a Low Complexity Method [O] . Evandro A. Marucci, Geraldo F. D. Zafalon, Julio C. Momente, -1

机译：低复杂度方法的多序列相似度计算的高效并行算法
7. The bacterial identification and antimicrobial susceptibility testing are usually performed manually. Recently, the number of samples has increased and the need for automatification has grown. BioMerieux has investigated Vitek2 for this purpose. HUSLAB has assigned us to compare the identification and antimicrobial results with respect to routine methods and Vitek2. Furthermore, we evaluate test reactions, ESBL (Extended Spectrum Beta-Lactamase) production and the time what it takes to get results with Vitek2. In this study, we examined a total of 183 bacterial isolates including 76 ESBL-strains, 40 nonfermenting rods, 41 fastidious bacteria and 26 fresh clinical isolates. The results of routine methods were gathered from the patient database and following this, compared to the results given by Vitek2. Vitek2 correctly identified more than 96 f the ESBL-strains and fresh clinical isolates. The results of nonfermenting rods and fastidious bacteri a were 70 oncordant with those of the routine methods. Test reaction results of Api20E were 94 nd Api20NE 70 n concordance with Vitek2 results. Approximately 80 f all Vitek2 antimicrobial results and 90 f ESBL test results were correct. Compared to earlier studies, Vitek2 performed the tests faster than the routine methods. These results suggest that Vitek2 is capable of giving rapid and accurate results. However, nonfermenting rods and fastidious bacteria should be studied further. [O] . Järveläinen Marika, Roslund Iira, Silander Maarit 2006

机译：细菌鉴定和抗菌药敏试验通常是手动进行的。最近，样品的数量增加了，并且对自动化的需求也在增长。 BioMerieux为此进行了Vitek2的研究。 HUSLAB已指派我们比较常规方法和Vitek2的鉴定和抗菌结果。此外，我们还评估了测试反应，ESBL（扩展频谱β-内酰胺酶）的产生以及使用Vitek2获得结果所需的时间。在这项研究中，我们检查了总共183个细菌分离株，包括76个ESBL菌株，40个非发酵棒，41个营养细菌和26个新鲜临床分离株。从患者数据库中收集常规方法的结果，然后将其与Vitek2给出的结果进行比较。 Vitek2正确鉴定出超过96种ESBL菌株和新鲜的临床分离株。与常规方法相比，非发酵棒和精制细菌的结果为70。 Api20E的测试反应结果与Vitek2结果一致为94nd Api20NE 70 n。所有Vitek2抗菌结果约80 f和ESBL测试结果90 f正确。与早期的研究相比，Vitek2的测试速度快于常规方法。这些结果表明Vitek2能够给出快速而准确的结果。但是，应进一步研究非发酵棒和营养细菌。
8. Discovering sequence similarity by the algorithmic significance method [R] . Milosavljevic, A. 1993

机译：通过算法显着性方法发现序列相似性

A Study on Similarity Calculation Method for API Invocation Sequences

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅