Complexity Reduction on API Call Sequence Alignment Using Unique API Word Sequence

Abstract

© 2017 IEEE. API call analysis is well-known method for classifing malware based on their behaviors. An analysis based on sequence alignment of API call usually produces the high accuracy result. However, the method suffers from time consuming. Thus, researchers make trade-off between time and accuracy by neglecting API call arguments and/or grouping API calls into character categories. We suggest an approach to preserve API call arguments while reducing the alignment overhead by using longest common unique API word sequence as split points. The proposed method produces high matching sequences while API call arguments are preserved and time complexity is reduced. Moreover, we apply this approach to produce malware subfamily signature, the similar API calls that extracted from aligned sequences. Malware subfamily signatures can be used for detecting malware samples of their family with high accuracy.