Research Article
Mal-Netminer: Malware Classification Approach Based on Social Network Analysis of System Call Graph
Table 11
System call dictionary of Trojans.
| | Functionality | System call list |
| | Processor & bus | NtFlushInstructionCache |
| | Local procedure call | NtConnectPort, NtRequestWaitReplyPort, NtAlpcConnectPort, and NtAlpcSendWaitReceivePort |
| | Memory | NtMapViewOfSection |
| | File & general I/O | NtCreateFile, NtQueryInformationFile, and NtCreateIoCompletion |
| | Object | NtClose |
| | Atoms | NtAddAtom |
| | Processes & thread | NtCreateThread, NtResumeThread, NtCreateProcessEx, NtQuerySystemInformation, NtCreateWorkerFactory, and NtQueryInformationProcess |
| | Synchronization | NtCreateKeyedEvent and NtCreateMutant |
| | Timers & system time | NtCreateTimer |
|
|
