
Performance evaluation of string based malware detection methods

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Citations (Scopus)

Abstract

Conventional signature-based malware detection techniques have been used for many years because of their high detection rates and low false positive rates. However, signature-based detection techniques are regarded as ineffective due to their inability to detect unseen, new, polymorphic and metamorphic malware. To address the weaknesses of signature-based detection techniques, researchers have turned to behavioural-based detection techniques, whereby a malware behavioural profile is constructed by capturing malware API calls during execution. In this context, API call sequence matching techniques are widely used to compute malware similarities. However, API call sequence matching techniques require large processing resources, which makes the process slow due to computational complexity, and therefore cannot scale to large API call sequences. To mitigate this problem, Longest Common Substring and Longest Common Subsequence have been used in this paper for string matching in order to detect malware and their variants. In this paper we evaluate these two algorithms in the context of malware detection rate and false alarm rate.
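The two matching algorithms named in the abstract, applied to API call traces, as an added example that is not code from the paper. The traces, the normalisation by the shorter trace and the 0.7 threshold are assumptions made for illustration; the point shown is that interleaved unrelated calls break a contiguous (substring) match while an in-order (subsequence) match survives.

```python
# Added example: traces, normalisation and threshold are constructed, not from the paper.

def lcs_substring_len(a, b):
    """Length of the longest contiguous run of calls shared by a and b."""
    best = 0
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0] * (len(b) + 1)
        for j, y in enumerate(b, 1):
            if x == y:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best

def lcs_subsequence_len(a, b):
    """Length of the longest in-order match between a and b, gaps allowed."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def similarity(match_len, a, b):
    # Assumed normalisation: matched length over the shorter trace.
    return match_len / min(len(a), len(b)) if a and b else 0.0

def classify(trace, known, threshold=0.7):
    """Return (substring_score, subsequence_score, substring_flag, subsequence_flag)."""
    s_sub = similarity(lcs_substring_len(trace, known), trace, known)
    s_seq = similarity(lcs_subsequence_len(trace, known), trace, known)
    return s_sub, s_seq, s_sub >= threshold, s_seq >= threshold

# Constructed reference trace for a known sample.
KNOWN = ["CreateFileW", "WriteFile", "CloseHandle",
         "RegOpenKeyExW", "RegSetValueExW", "CreateProcessW"]
# Constructed variant: same behaviour with unrelated calls interleaved.
VARIANT = ["CreateFileW", "GetTickCount", "WriteFile", "CloseHandle", "Sleep",
           "RegOpenKeyExW", "RegSetValueExW", "GetTickCount", "CreateProcessW"]
# Constructed benign trace, used to look at false alarms.
BENIGN = ["CreateFileW", "ReadFile", "CloseHandle", "GetTickCount", "Sleep"]

if __name__ == "__main__":
    for name, trace in (("variant", VARIANT), ("benign", BENIGN)):
        print(name, classify(trace, KNOWN))
```

Both functions run in time proportional to the product of the two trace lengths, which is the scaling cost the abstract refers to for long API call sequences.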
Original language: English
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Print): 9781862203426
Publication status: Published - 1 Jul 2019
Event: 24th International Conference on Automation and Computing (ICAC) - Newcastle upon Tyne
Duration: 6 Sept 2018 to 7 Sept 2018

Conference

Conference: 24th International Conference on Automation and Computing (ICAC)
City: Newcastle upon Tyne
Period: 6/09/18 to 7/09/18
Other: 24th International Conference on Automation and Computing (ICAC) (06/09/2018-07/09/2018, Newcastle upon Tyne)

Keywords

  • Malware detection
