Malware Family Motif API Sequence Analysis on Windows Platform
Date Issued
2016
Author(s)
Chiang, Li-Yuan
Abstract
This thesis focuses on malware on the Windows platform, extracting the common characteristic behaviors of a malware family and identifying the differentiated characteristic behaviors among that family's variants. First, we define a malware process execution as a Windows API call sequence and winnow the parameters in these sequences. Then, to compare the sequences, we apply sequence alignment techniques that align the similar parts of the execution sequences and insert gaps or align mismatched parts where they differ. To this end, we develop a multiple sequence alignment system based on the Needleman-Wunsch algorithm. The system produces a data structure, stageMatrix, that describes all segment alignment information among a family's variants. Next, we extract the common execution stages. We define the APIs that may cause system state changes (StateChange_API, SC_API), track the resources these APIs access, and visualize the full access flow. Finally, we plan to extend the characteristic comparison to multiple families in future work.
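As an added illustration (not code from the thesis and not its stageMatrix structure), the pairwise Needleman-Wunsch step the abstract builds on: two winnowed API call sequences from two variants are globally aligned, a gap is inserted where one variant makes an extra call, and the matched runs are read off as shared execution stages. The scoring values and the sample traces are assumptions.

```python
# Assumed scoring scheme (not the thesis's values): match, mismatch, gap.
MATCH, MISMATCH, GAP = 2, -1, -1
GAP_MARK = "-"

def needleman_wunsch(a, b):
    """Globally align two API call sequences; return (score, aligned pairs)."""
    n, m = len(a), len(b)
    # score[i][j] = best score for aligning a[:i] against b[:j]
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * GAP
    for j in range(1, m + 1):
        score[0][j] = j * GAP
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            sub = MATCH if a[i - 1] == b[j - 1] else MISMATCH
            score[i][j] = max(score[i - 1][j - 1] + sub,
                              score[i - 1][j] + GAP, score[i][j - 1] + GAP)
    # Trace back from the corner, inserting gaps where the variants diverge.
    i, j, pairs = n, m, []
    while i > 0 or j > 0:
        sub = MATCH if i and j and a[i - 1] == b[j - 1] else MISMATCH
        if i and j and score[i][j] == score[i - 1][j - 1] + sub:
            i, j = i - 1, j - 1
            pairs.append((a[i], b[j]))
        elif i and score[i][j] == score[i - 1][j] + GAP:
            i -= 1
            pairs.append((a[i], GAP_MARK))
        else:
            j -= 1
            pairs.append((GAP_MARK, b[j]))
    pairs.reverse()
    return score[n][m], pairs

def common_segments(pairs):
    """Maximal runs of identical calls: the family's shared execution stages."""
    segs, cur = [], []
    for x, y in pairs:
        if x == y:
            cur.append(x)
        elif cur:
            segs.append(cur)
            cur = []
    if cur:
        segs.append(cur)
    return segs

# Constructed sample traces (parameters already winnowed) for two variants.
VARIANT_A = ["CreateFileW", "WriteFile", "CloseHandle", "RegSetValueExW", "CreateProcessW"]
VARIANT_B = ["CreateFileW", "WriteFile", "CloseHandle", "RegCreateKeyExW",
             "RegSetValueExW", "CreateProcessW"]
```

Running `needleman_wunsch(VARIANT_A, VARIANT_B)` aligns the extra RegCreateKeyExW against a gap and `common_segments` yields the two shared stages, a file-drop stage and a persistence-then-launch stage.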
Subjects
Malware
Family
Sequence alignment
Common characteristics extraction
Differentiated behaviors identification
Type
thesis
File(s)
Name
ntu-105-R03725038-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):3a102724a550c12b8cb05e27dab3b026
