An artificial co-stimulation classifier for malicious API calls classification in portable executable malwares / Saman Mirza Abdulla

Bibliographic Details
Main Author: Abdulla, Saman Mirza
Format: Thesis
Published: 2012
Online Access: http://studentsrepo.um.edu.my/5536/
http://studentsrepo.um.edu.my/5536/1/AN_ARTIFICIAL_CO%2DSTIMULATION_CLASSIFIER_FOR_MALICIOUS_API_CALLS_CLASSIFICATION_IN_PORTABLE_EXECUTABLE_MALWARES.pdf
Description: Recently, most researchers have employed behaviour-based detection systems to classify Portable Executable (PE) malware. They usually tried to identify malicious Application Programming Interface (API) calls among the sequence of calls made by a suspected application. They depended mostly on measuring the similarity or the distance between the suspected API calls and a set of predefined calls collected from normal and malware applications. However, malware always tries to appear normal by hiding its malicious activities. With such behaviour, the calls made by PE malware become more similar to normal calls, which in turn challenges most distinguishing models. Such similarity also puts the accuracy of most classifier models in a very critical situation, as many misclassified and doubtful results will be recorded. Therefore, this work has addressed the accuracy problem of API call behaviour classifier models. To achieve that, the work has proposed a biological model defined as the Artificial Costimulation Classifier (ACC). The model can mimic the Costimulation phenomenon that occurs inside the Human Immune System (HIS) to control errors and to avoid self-cell attacking. Moreover, Costimulation can work as a safety and balance process inside the Artificial Immune System (AIS). To build the ACC model, this work has employed the Feed-Forward Back-Propagation Neural Network (FFBP-NN) with Euclidean Distance. The work also used the K-fold cross-validation method to validate the dataset. The results of our work showed the ability of the ACC model to improve the accuracy of malicious API call classification up to 90.23%. The results of the ACC model have been compared with four types of classifier models, and the comparison shows that it outperforms them.
Institution: University Malaya
Citation: Abdulla, Saman Mirza (2012) An artificial co-stimulation classifier for malicious API calls classification in portable executable malwares / Saman Mirza Abdulla. PhD thesis, University of Malaya. http://studentsrepo.um.edu.my/5536/
Status: NonPeerReviewed
Subjects: QA75 Electronic computers. Computer science