What features can be considered to detect the behavior of malware using data mining techniques through windows API calls?

More Ninyesiga Allan's questions See All

How do i fit such conditions to be known by a machine learning classifier?

05 June 2017 1,646 3 View

Where can i get malicious windows executables?

10 November 2016 7,343 6 View

Can anyone help me with a data set containing windows API calls for use in detecting malware?

09 October 2016 6,204 2 View

Where can i get windows benign API calls data set?

I would like to get windows API calls data set that contain both benign and malicious API calls. Most preferably benign ones. Thank you

01 January 1970 1,289 0 View

error in running a model in Abaqus

Excessive rotation of nodes in node set ErrNodeExcessRotation-Step1

17 August 2021 0 0 View

error in modelling model in Abaqus

Excessive rotation of nodes in node set ErrNodeExcessRotation-Step1

17 August 2021 0 0 View

MGL tools

20 June 2021 0 0 View

i have some problem with chtMultiRegionSimpleFoam

--> FOAM FATAL ERROR: Maximum number of iterations exceeded From function Foam::scalar Foam::species::thermo::T(Foam::scalar, Foam::scalar, Foam::scalar, Foam::scalar (Foam::species::thermo::*)(Foam::scalar, Foam::scalar) const, Foam::scalar (Foam::species::thermo::*)(Foam::scalar, Foam::scalar) const, Foam::scalar (Foam::species::thermo::*)(Foam::scalar) const) const [with Thermo = Foam::hConstThermo >; Type = Foam::sensibleEnthalpy; Foam::scalar = double; Foam::species::thermo = Foam::species::thermo >, Foam::sensibleEnthalpy>] in file /home/ubuntu/OpenFOAM/OpenFOAM-4.1/src/thermophysicalModels/specie/lnInclude/thermoI.H at line 66. FOAM aborting #0 Foam::error::printStack(Foam::Ostream&) at ??:? #1 Foam::error::abort() at ??:? #2 Foam::heRhoThermo >, Foam::sensibleEnthalpy> > > >::calculate() at ??:? #3 Foam::heRhoThermo >, Foam::sensibleEnthalpy> > > >::correct() at ??:? #4 ? at ??:? #5 __libc_start_main in "/lib/x86_64-linux-gnu/libc.so.6" #6 ? at ??:?

24 March 2021 0 0 View

How to compare two groups with only two measurements?

Hiiiii everyone! I have an enquiry on statistical analysis. I was looking for many forum and it's still cannot solve my problem. I want to compare means of two groups of data but only with two...

03 March 2021 8,796 3 View

What's the best way to measure growth rates in House sparrow chicks from day 2 to day 10?

What's the best way to measure growth rates in House sparrow chicks from day 2 to day 10? Since, the growth curve from day 2 to 10 won't be like the "Logistic curve" it might not follow logistic...

03 March 2021 1,401 3 View

How to increase a model accuracy ?

dear community, my model is based feature extraction from non stationary signals using discrete Wavelet Transform and then using statistical features then machine learning classifiers in order to...

03 March 2021 6,994 5 View

What is the production process of CaFe ferroalloys?

I looking for ferro calcium production process

03 March 2021 1,755 4 View

1. What is the impact of having different scales in a survey? and how can we solve this problem before and after data collection (Literature)?

1. What is the impact of having different scales in a survey? and how can we solve this problem before and after data collection (Literature-based reflection)? Thank you for your time and for...

03 March 2021 2,870 3 View

Resistor definition in Piezoelectric bimorph with ANSYS workbench

Hello, good day! I am trying to simulate similar bimorph piezoelectric harvester with below commands. However, the output power doesn't change with resistor value. Please help to find the reason. ET,10,CIRCU94,0 !SET UP RESISTOR R,1,100000 !RESISTANCE VALUE TYPE,10 !SET ELEMENT TYPE E,1,2 !CREATE RESISTOR BETWEEN NODES 1 AND 2 Thanks in advance Regards,

02 March 2021 0 0 View

Milan Tair

Through file-system listeners (monitoring): Detect access to system files by programs that are not signed by Microsoft (vendor/publisher ID).

Registry listener: Detect changes (writing) made to keys in the Windows system registry at system reserved (system specific) registry paths (keys) by executable files not signed by Microsoft bound to processes initiated by applications that are signed by Microsoft.

Process (task) monitoring: Look for processes started by applications signed by Microsoft to which applications not signed by Microsoft have (at some point) been bounded (embedded/linked etc) and that have thus changed their regular behaviour (profiled earlier, before the introduction of the malicious entity into the system).

Resource hogging: Detect abnormal resource usage (CPU/RAM/VM) by processes of unconfirmed application's publisher (signed in the executable file) credibility over a long period of time.

There are other information that you can acquire by combining data from any two or more of the aforementioned methods and performing some statistical analysis, finding common correlations between them; and at run-time, measuring distance (deviation) from these established common and expected (predicted/predictable) behaviours.

Sanjay Chakraborty

You may follow the following links.....

http://etd.fcla.edu/CF/CFE0002303/Siddiqui_Muazzam_A_200808_PhD.pdf

http://dl.acm.org/citation.cfm?id=1593239

http://ieeexplore.ieee.org/document/5452410/?tp=&arnumber=5452410

https://www.hindawi.com/journals/jcnc/2016/8069672/

http://file.scirp.org/pdf/JIS_2014040110394271.pdf

Ninyesiga Allan

Thank you all for the help. Let me read through and the papers. Am currently pursuing my Masters in computer Security . Doing research on detecting behaviour of malware using data mining approaches. I would really appreciate your help on how best i can go on with it. Thank you all again.

Thanks for the resources but i have some question?

How do i observe what the malware does as it is executing.

Are there tools i can use do do this?

Can those tools help me collect information too to use in data mining for classification?