Multi-Perspective Analysis Integrating API and DLL Features for Malware Detection


Research field: Safety



Conference: 2025 10th International Conference on Intelligent Computing and Signal Processing (ICSP)


Abstract

API calls have become an important means of malware detection because they carry numerous features that are useful for it. Besides API sequences, the DLLs called during software runtime can also assist in malware detection. This paper therefore proposes a multi-angle analysis method that combines API and DLL features:

1. A graph of DLLs is constructed to determine the correlation of the referenced DLLs, which can be used to prove the existence of malware.
2. Clustering and multi-order transition probability matrices are used to describe the features in API sequence fragments and to judge the malicious behavior of those fragments.

A CNN is used to learn the features, and the API features are integrated with the DLL features for detection. Finally, we compare multiple research methods to verify the effectiveness of the method proposed in this paper.


Anyang Yin

College of Computer Science and Technology, Shanghai University of Electric Power, Shanghai, China

Andorra
Hongjiao Li

College of Computer Science and Technology, Shanghai University of Electric Power, Shanghai, China

Andorra
Min Jin

College of Computer Science and Technology, Shanghai University of Electric Power, Shanghai, China

Andorra

📄 Paper information

Publication year: 2025
Citations: 11
Publication country: Andorra
Site: IEEE
