A Study on Malware Clustering Technique Using API Call Sequence and Locality Sensitive Hashing
API 콜 시퀀스와 Locality Sensitive Hashing을 이용한 악성코드 클러스터링 기법에 관한 연구

Dong Woo Goh, Huy Kang Kim
2017 Journal of the Korea Institute of Information Security and Cryptology  
API call sequence analysis is a form of analysis that uses API call information extracted from a target program. Compared to other techniques, it has the advantage of characterizing the behavior of the target. However, existing API call sequence analysis has the problem of attributing the same characteristics to different functions during analysis. To resolve this identification issue and improve analysis performance, this study adds an API abstraction technique in addition to ... analysis. The similarity between target programs is then computed, and the programs are clustered into similar types, by applying LSH to the abstracted API call sequences of the analyzed targets. This study can thus contribute to improving the accuracy of malware analysis, based on the information discovered about the types of malware identified.
doi:10.13089/jkiisc.2017.27.1.91 fatcat:mkpfkgpjffcchdalvz6hdomwku