Detecting unknown anomalous program behavior using API system calls

Islam, Md. Rafiqul, Islam, Md. Saiful and Chowdhury, Morshed U. 2011, Detecting unknown anomalous program behavior using API system calls. In Manaf, Azizah Abd, Sahibuddin, Shamsul, Ahmad, Rabiah, Daud, Salwani Mohd and El-Qawasmeh, Eyas (ed), Informatics engineering and information science, Springer, Berlin, Germany, pp.383-394.

Title Detecting unknown anomalous program behavior using API system calls
Author(s) Islam, Md. Rafiqul
Islam, Md. Saiful
Chowdhury, Morshed U.
Title of book Informatics engineering and information science
Editor(s) Manaf, Azizah Abd
Sahibuddin, Shamsul
Ahmad, Rabiah
Daud, Salwani Mohd
El-Qawasmeh, Eyas
Publication date 2011
Series Communications in computer and information science; v. 254
Chapter number 31
Total chapters 40
Start page 383
End page 394
Total pages 12
Publisher Springer
Place of Publication Berlin, Germany
Keyword(s) malicious program
API system calls
Summary This paper presents detection techniques for anomalous programs based on the analysis of their system call traces. We collect the API calls of the tested executable programs using Microsoft Detours and extract features for the classification task with the previously established n-gram technique. We propose three feature extraction approaches: frequency-based, time-based, and a hybrid approach that combines the first two. We use well-known classifier algorithms, through the WEKA interface, to separate malicious programs from benign ones. Our empirical evidence shows that the proposed feature extraction approaches detect malicious programs at rates above 88%, which is promising compared with contemporary research in this area.
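The following Python sketch is an added illustration of the three feature-extraction schemes the summary names (frequency-based, time-based, hybrid) applied to API call n-grams; it is not code from the chapter. The trace layout (timestamped calls, as a Detours-style hooking harness that stamps each intercepted call might log them), the exact time-based feature (mean elapsed time spanned by each n-gram occurrence), the sample traces and the function names are all assumptions, since the chapter's own definitions are not reproduced on this page.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Sequence, Tuple

# Constructed sample traces (not data from the chapter). Each entry is
# (timestamp_ms, api_name). The timestamps are an assumption: Detours only
# supplies the hook, so the logging harness must add the clock itself.
Trace = List[Tuple[int, str]]
NGram = Tuple[str, ...]

BENIGN_TRACE: Trace = [
    (0, "CreateFileW"), (3, "ReadFile"), (5, "ReadFile"), (9, "CloseHandle"),
    (12, "CreateFileW"), (14, "ReadFile"), (30, "CloseHandle"),
]
SUSPECT_TRACE: Trace = [
    (0, "OpenProcess"), (2, "VirtualAllocEx"), (4, "WriteProcessMemory"),
    (5, "CreateRemoteThread"), (40, "OpenProcess"), (41, "VirtualAllocEx"),
    (43, "WriteProcessMemory"), (44, "CreateRemoteThread"),
]


def ngram_windows(trace: Trace, n: int) -> List[Trace]:
    """Sliding windows of n consecutive calls; each call keeps its timestamp."""
    return [trace[i:i + n] for i in range(len(trace) - n + 1)]


def frequency_features(trace: Trace, n: int = 2) -> Dict[NGram, float]:
    """Frequency-based: relative frequency of each API-call n-gram in the trace."""
    grams = [tuple(api for _, api in w) for w in ngram_windows(trace, n)]
    counts = Counter(grams)
    return {g: c / len(grams) for g, c in counts.items()}


def time_features(trace: Trace, n: int = 2) -> Dict[NGram, float]:
    """Time-based (assumed definition): mean elapsed ms spanned by each n-gram,
    i.e. last-call timestamp minus first-call timestamp, averaged over occurrences."""
    spans: Dict[NGram, List[int]] = defaultdict(list)
    for w in ngram_windows(trace, n):
        gram = tuple(api for _, api in w)
        spans[gram].append(w[-1][0] - w[0][0])
    return {g: sum(v) / len(v) for g, v in spans.items()}


def hybrid_features(trace: Trace, n: int = 2) -> Dict[NGram, Tuple[float, float]]:
    """Hybrid: frequency and time value of each n-gram side by side."""
    freq, tim = frequency_features(trace, n), time_features(trace, n)
    return {g: (freq[g], tim[g]) for g in freq}


def build_vocab(traces: Sequence[Trace], n: int = 2) -> List[NGram]:
    """Fixed n-gram vocabulary over the training set, so every trace maps to the same columns."""
    vocab = set()
    for t in traces:
        vocab.update(frequency_features(t, n))
    return sorted(vocab)


def to_vector(trace: Trace, vocab: Sequence[NGram], n: int = 2) -> List[float]:
    """Hybrid feature vector [freq..., time...] in vocab order, 0.0 where an n-gram is absent.
    A row like this is what a WEKA classifier would consume after ARFF export."""
    hyb = hybrid_features(trace, n)
    freqs = [hyb[g][0] if g in hyb else 0.0 for g in vocab]
    times = [hyb[g][1] if g in hyb else 0.0 for g in vocab]
    return freqs + times


if __name__ == "__main__":
    vocab = build_vocab([BENIGN_TRACE, SUSPECT_TRACE])
    for label, t in (("benign", BENIGN_TRACE), ("suspect", SUSPECT_TRACE)):
        print(label, to_vector(t, vocab))
```

Note how the two schemes carry different signals on the same bigram: in the suspect trace the (WriteProcessMemory, CreateRemoteThread) bigram recurs (frequency), while the long gap before the pattern repeats shows up only in the time feature; the hybrid vector keeps both, which is the motivation for combining them.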
ISBN 3642254837
ISSN 1865-0929
Language eng
Field of Research 080303 Computer System Security
Socio Economic Objective 890202 Application Tools and System Utilities
HERDC Research category B1 Book chapter
Copyright notice ©2011, Springer-Verlag Berlin Heidelberg

Document type: Book Chapter
Collection: School of Information Technology

Citation counts: Web of Science: cited 1 time; Scopus: cited 2 times
Access statistics: 321 abstract views, 10 file downloads
Created: Tue, 13 Mar 2012, 09:49:00 EST