Malware Similarity Analysis using API Sequence Alignments

Malware variants could be defined as malware that have similar malcious behavior. In this paper, a sequence alignment method, the method widely used in Bioinformatics, was used to detect malware variants. This method can find the common parts of Malware’s API call sequences, and these common API call sequences can be used to detect similar behaviors of malware variants. However, when a sequence alignment method is applied to compare the API call sequences, the performance depends on lengths of API call sequences and if the lengths are too long, the performance would be very poor. Therefore, in this paper, we devised a malware similarity calculation system to detect malware variants and suggested an improved process which can reduce sequence alignment overheads. Finally, our proposed system was tested with two given malware families and it can be used to verify whether the given malware variants have similar behaviors. Experimental results show that our method can be leveraged in the malware detection system.