Malware detection based on visualization of recombined API instruction sequence
This paper introduces a malware detection method based on the reorganisation of API instruction sequence and image representation in an effort to address the challenges posed by current methods of malware detection in terms of feature extraction and detection accuracy. In the first step, APIs of the...
Main Authors: | Hongyu Yang, Yupei Zhang, Liang Zhang, Xiang Cheng |
---|---|
Format: | Article |
Language: | English |
Published: | Taylor & Francis Group, 2022-12-01 |
Series: | Connection Science |
Subjects: | malware detection, api, visualisation, rgb image, cnn |
Online Access: | http://dx.doi.org/10.1080/09540091.2022.2139353 |
_version_ | 1797684035315564544 |
---|---|
author | Hongyu Yang Yupei Zhang Liang Zhang Xiang Cheng |
author_sort | Hongyu Yang |
collection | DOAJ |
description | This paper introduces a malware detection method based on the reorganisation of API instruction sequence and image representation in an effort to address the challenges posed by current methods of malware detection in terms of feature extraction and detection accuracy. In the first step, APIs of the same type are grouped into an API block. Each API block is reorganised according to the first invocation order of each type of API. As a measure of the API's devotion to the software sample, the number of API block entries is recorded. Second, the API codes, API devotions, and API sequential indexes are extracted based on the reorganised API instruction sequence to generate the feature image. The feature image is then fed into the self-built lightweight malware feature image convolution neural network. The experimental results indicate that the detection accuracy of this method is 98.66% and that it has high performance indicators and detection speed for malware detection. |
first_indexed | 2024-03-12T00:23:31Z |
format | Article |
id | doaj.art-e11563783e994b838a17b6455d21142b |
institution | Directory Open Access Journal |
issn | 0954-0091 1360-0494 |
language | English |
last_indexed | 2024-03-12T00:23:31Z |
publishDate | 2022-12-01 |
publisher | Taylor & Francis Group |
record_format | Article |
series | Connection Science |
spelling | doaj.art-e11563783e994b838a17b6455d21142b; 2023-09-15T10:48:01Z; eng; Taylor & Francis Group; Connection Science; 0954-0091; 1360-0494; 2022-12-01; 34; 1; 2630; 2651; 10.1080/09540091.2022.2139353; 2139353; Malware detection based on visualization of recombined API instruction sequence; Hongyu Yang 0; Yupei Zhang 1; Liang Zhang 2; Xiang Cheng 3; Civil Aviation University of China; Civil Aviation University of China; The University of Arizona; Yangzhou University; http://dx.doi.org/10.1080/09540091.2022.2139353; malware detection; api; visualisation; rgb image; cnn |
title | Malware detection based on visualization of recombined API instruction sequence |
topic | malware detection api visualisation rgb image cnn |
url | http://dx.doi.org/10.1080/09540091.2022.2139353 |