System Calls for Malware Detection and Classification: Methodologies and Applications
It addresses the problem of detecting complex malware for cybersecurity practitioners, but is incremental as it synthesizes existing methodologies.
This chapter reviews the use of system calls for malware detection and classification, covering techniques like static and dynamic analysis combined with machine learning to differentiate normal and malicious behavior across various operating systems.
As malware continues to become more complex and harder to detect, Malware Analysis needs to continue to evolve to stay one step ahead. One promising key area approach focuses on using system calls and API Calls, the core communication between user applications and the operating system and their kernels. These calls provide valuable insight into how software or programs behaves, making them an useful tool for spotting suspicious or harmful activity of programs and software. This chapter takes a deep down look at how system calls are used in malware detection and classification, covering techniques like static and dynamic analysis, as well as sandboxing. By combining these methods with advanced techniques like machine learning, statistical analysis, and anomaly detection, researchers can analyze system call patterns to tell the difference between normal and malicious behavior. The chapter also explores how these techniques are applied across different systems, including Windows, Linux, and Android, while also looking at the ways sophisticated malware tries to evade detection.