Malware Analysis Mechanism using the Word Cloud based on API Statistics

  • Yu, Sung-Tae (Dept. of Information Security, Hoseo University)
  • Oh, Soo-Hyun (Dept. of Information Security, Hoseo University)
  • Received : 2015.07.10
  • Accepted : 2015.10.08
  • Published : 2015.10.31


On average, tens of thousands of malicious code samples are generated every day, and new types of malicious code surge each year. Diverse methods are used to detect such code, including those based on signatures, API flow, and strings, but most of them are limited in detecting new malicious code because of bypass techniques. Much research has therefore been carried out on more efficient detection of malicious code, and visualization is one of the most actively researched areas these days. Because visualization enables more intuitive recognition of malicious code, it is useful for detecting and examining a large number of samples efficiently. In this paper, we analyze the relationships between malicious code and Native API functions. In addition, by applying a word cloud together with a text mining technique, we visualize the major Native APIs of malicious code in order to assess its maliciousness. The proposed malicious code analysis method should be helpful for intuitively probing the behavior of malware.


Supported by: Hoseo University

