Malicious software, called malware, can perform harmful actions on computer systems, which may cause economic damage and information leakage. Therefore, malware classification is meaningful required to prevent attacks. Application programming interface (API) call sequences are easily observed good choices as features for classification. However, one of the main issues how generate a suitable fe...

Document-based code injection attacks, where-in malicious code (coined shellcode) is embedded in a document, have quickly replaced network-service based exploits as the preferred method of attack. In this paper, we present a new technique to aid in forensic and diagnostic analysis of malicious documents detected using dynamic code analysis techniques — namely, automated API call hooking and sim...

Web services are used in software applications as a standard and convenient way of accessing remote applications over the Internet. Web services can be thought of as remote procedure calls. This paper proposes an approach to determine web service substitutability and composability. Because web services may be unreliable, finding other services substitutable for an existing one can increase appl...

The Experimental ATM and Network Services Environment (EXPANSE) prototype provides an experimental testbed for multimedia, multiparty telecommunications services over heterogeneous communications networks. The EXPANSE software architecture supports the functional separation of call and connection control. At the call control layer an object-oriented, transaction-based call model provides for th...

This paper describes the JAINTM JavaTM Call Control (JCC)∗ Application Programming Interface (API), and its relationship to network protocols, in particular the Session Initiation Protocol (SIP). JCC is a high-level object-oriented open, standard API for Next Generation Network (NGN) softswitches that enables rapid creation, by third parties, of services that can run independently of the underl...

Malware writers use evasion techniques like code obfuscation, packing, compression to conceal from Anti-Virus (AV) scanners as AV use syntactic signature to detect a known malware. Our detection approach is based on semantic aspect of PE executable that analyzes API Call-grams to detect unknown malicious code. Static analysis covers all the paths of code which is not possible with dynamic behav...

Application Programming Interfaces (APIs) often have usage constraints, such as call order or call conditions. API misuses, i.e., violations of these constraints, may lead to software crashes, bugs, and vulnerabilities. Though researchers developed many API-misuse detectors over the last two decades, recent studies show that API misuses are still prevalent. Therefore, we need to understand the ...

With the constantly increasing use of mobile devices, the need for effective malware detection algorithms is constantly growing. The research presented in this paper expands upon previous work that applied machine learning techniques to the area of Android malware detection by examining Java API call data as a method for malware detection. In addition to examining a new feature, a significant a...

The sophistication of modern computer malware demands run-time malware detection strategies which are not only efficient but also robust to obfuscation and evasion attempts. In this paper, we investigate the suitability of recently proposed Dendritic Cell Algorithms (DCA), both classical DCA (cDCA) and deterministic DCA (dDCA), for malware detection at run-time. We have collected API call trace...