IJIEE 2015 Vol.5(3): 225-231 ISSN: 2010-3719
DOI: 10.7763/IJIEE.2015.V5.534

An MCA Based Method for API Association Extraction for PE Malware Categorization

Mohamed Belaoued and Smaine Mazouzi
Abstract— In computer security, protecting systems against malware has become the main concern of individuals and companies. Unfortunately, existing anti-malware systems are so far unable to provide efficient protection. However, a new generation of powerful malware detection techniques has emerged. One of these techniques is based on static analysis of the API functions called by a program in order to detect any suspicious behavior. In this paper we provide a method to extract the associations that exist between the API functions imported by malware code in the Microsoft Windows environment. The main goal of this work is to determine with a high degree of confidence which Windows APIs, and which associations between them, are most likely to be used by malware. For that purpose we used a well-known and powerful statistical method, Multiple Correspondence Analysis (MCA). We applied the MCA method to a set of APIs extracted beforehand from a large dataset of malware and clean portable executable (PE) files. To our knowledge, this is the first work to use factorial analysis to determine API associations in malware. We assume that this allows more accurate behavior-based malware detection.

Index Terms— Malware, malware analysis, multiple correspondence analysis (MCA), Windows API.

The authors are with the Department of Computer Science, University of Skikda, Algeria (e-mail: belaoued.mohamed@gmail.com, mazouzi_smaine@yahoo.fr).


Cite: Mohamed Belaoued and Smaine Mazouzi, "An MCA Based Method for API Association Extraction for PE Malware Categorization," International Journal of Information and Electronics Engineering, vol. 5, no. 3, pp. 225-231, 2015.
