Research Article
Mal-Netminer: Malware Classification Approach Based on Social Network Analysis of System Call Graph
Table 12
System call dictionary of worms.
| | Functionality | System call list |
| | Processor & bus | NtFlushInstructionCache |
| | Local procedure call | NtAlpcCreateSecurityContext and NtAlpcSetInformation |
| | Memory | NtMapViewOfSection |
| | Registry | NtEnumerateKey and NtEnumerateValueKey |
| | Miscellaneous | NtQuerySystemInformation |
| | File & general I/O | NtCreateFile and NtDeviceIoControlFile |
| | Object | NtClose |
| | Atoms | NtAddAtom |
| | Processes & thread | NtCreateThread, NtResumeThread, NtCreateProcessEx, and NtQueryInformationProcess |
| | Synchronization | NtReleaseMutant |
| | Timers & system time | NtSetTimer and NtQueryPerformanceCounter |
|
|
