What features can be considered to detect the behavior of malware using data mining techniques through windows API calls?

More Ninyesiga Allan's questions See All

How do i fit such conditions to be known by a machine learning classifier?

I have data which contains a column wit text, For example message1. today,i,go,there2. i,go,there, tomorow suppose i have my python conditionsthat, if message contains "i,go,there"...

05 June 2017 1,724 3 View

Where can i get malicious windows executables?

I am doing Academic Research in malware detection. I would like to get malicious windows executables that i can run to test their behavior. Thank you

10 November 2016 7,409 6 View

Can anyone help me with a data set containing windows API calls for use in detecting malware?

I would like to get a data set of windows API calls to use in a classifier to detect the malware by its behavior. Any one can help i appreciate. Thank you.

09 October 2016 6,276 2 View

Where can i get windows benign API calls data set?

I would like to get windows API calls data set that contain both benign and malicious API calls. Most preferably benign ones. Thank you

01 January 1970 1,402 0 View

How to learn more about SPSS and its Application?

I would like to learn more about SPSS and Its application especially in regards to data analysis. Please suggest me how I can learn more about it. Thank you so much.

11 August 2024 9,101 4 View

Handling Missing Data and Building a Predictive Model with Incomplete Information ?

I am developing a predictive model for a water supply network that involves 20 influencing points. However, I only have historical data for 10 out of these 20 points. I would like to know how to...

10 August 2024 4,005 2 View

Has anyone applied Python in the field of textile engineering for data analysis, automation, or smart textiles?

I'm currently exploring the application of Python in textile engineering, specifically in areas like data analysis, process automation, and the development of smart textiles. I'm interested in...

10 August 2024 7,429 2 View

Which Scopus Journal provides the most affordable fees?

"PUBLISHING IN A SCOPUS JOURNAL" Researchers are now at a cross road. The critical need to publish in a Scopus or ISI, etc journal is ever vital. Journal Publication fees must be submitted....

10 August 2024 8,621 1 View

Seeking Advice on Viability and Execution of Undergraduate Thesis Topic?

Hello everyone, I am currently developing a thesis proposal and would appreciate your input on its viability and how to effectively carry it out. My proposed topic is: "Does the perceived threat...

10 August 2024 8,992 0 View

Who will be moral responsible for the death of thousands of people in the event of an earthquake?

Who will bear moral responsibility for the deaths of thousands of people in the event of an earthquake? Weeks and months remain before the onset of strong earthquakes that bring death to...

08 August 2024 6,134 12 View

Do you know best mines of western part of Afghanistan?

I want to know more about Mn deposits in west of Afghanistan.

07 August 2024 3,427 1 View

Are there any instruments for studying time similar to the way it is in space?

There are a huge number of methods for studying objects in space, according to the senses (and not only). Mechanical, thermal, optical, acoustic, electrical, magnetic, based on particle beams,...

06 August 2024 7,102 0 View

Is Galaxy.org good to use for research for analyzing data and for publication?

Hello all, I wanted to know, can I use galaxy (USA, Europe or Australia) platform for analyzing the shotgun data, and can it be used for publication purpose as well? Thanks :)

06 August 2024 6,610 4 View

Do experts have journals in the field of artificial intelligence and big data that are not indexed by SCI or EI?

05 August 2024 8,836 2 View

Milan Tair

Through file-system listeners (monitoring): Detect access to system files by programs that are not signed by Microsoft (vendor/publisher ID).

Registry listener: Detect changes (writing) made to keys in the Windows system registry at system reserved (system specific) registry paths (keys) by executable files not signed by Microsoft bound to processes initiated by applications that are signed by Microsoft.

Process (task) monitoring: Look for processes started by applications signed by Microsoft to which applications not signed by Microsoft have (at some point) been bounded (embedded/linked etc) and that have thus changed their regular behaviour (profiled earlier, before the introduction of the malicious entity into the system).

Resource hogging: Detect abnormal resource usage (CPU/RAM/VM) by processes of unconfirmed application's publisher (signed in the executable file) credibility over a long period of time.

There are other information that you can acquire by combining data from any two or more of the aforementioned methods and performing some statistical analysis, finding common correlations between them; and at run-time, measuring distance (deviation) from these established common and expected (predicted/predictable) behaviours.

Sanjay Chakraborty

You may follow the following links.....

http://etd.fcla.edu/CF/CFE0002303/Siddiqui_Muazzam_A_200808_PhD.pdf

http://dl.acm.org/citation.cfm?id=1593239

http://ieeexplore.ieee.org/document/5452410/?tp=&arnumber=5452410

https://www.hindawi.com/journals/jcnc/2016/8069672/

http://file.scirp.org/pdf/JIS_2014040110394271.pdf

Ninyesiga Allan

Thank you all for the help. Let me read through and the papers. Am currently pursuing my Masters in computer Security . Doing research on detecting behaviour of malware using data mining approaches. I would really appreciate your help on how best i can go on with it. Thank you all again.

Thanks for the resources but i have some question?

How do i observe what the malware does as it is executing.

Are there tools i can use do do this?

Can those tools help me collect information too to use in data mining for classification?