Detecting unknown anomalous program behavior using API system calls

Islam, Md. Rafiqul, Islam, Md. Saiful and Chowdhury, Morshed U. 2011, Detecting unknown anomalous program behavior using API system calls, in Informatics engineering and information science, Springer, Berlin, Germany, pp.383-394.


Title: Detecting unknown anomalous program behavior using API system calls
Author(s): Islam, Md. Rafiqul; Islam, Md. Saiful; Chowdhury, Morshed U.
Title of book: Informatics engineering and information science
Editor(s): Manaf, Azizah Abd; Sahibuddin, Shamsul; Ahmad, Rabiah; Daud, Salwani Mohd; El-Qawasmeh, Eyas
Publication date: 2011
Series: Communications in computer and information science; v. 254
Chapter number: 31
Total chapters: 40
Start page: 383
End page: 394
Total pages: 12
Publisher: Springer
Place of publication: Berlin, Germany
Keyword(s): malicious program; API system calls; classification
Summary: This paper presents techniques for detecting anomalous programs based on analysis of their system call traces. We collect the API calls of the tested executable programs using the Microsoft Detours system and extract features for the classification task using the previously established n-gram technique. We propose three feature extraction approaches: frequency-based, time-based, and a hybrid approach that combines the first two. We use well-known classifier algorithms through the WEKA interface to separate malicious programs from benign programs. Our empirical evidence demonstrates that the proposed feature extraction approaches detect malicious programs at a rate of over 88%, which is promising compared with contemporary research in this area.
ISBN: 3642254837; 9783642254833
ISSN: 1865-0929; 1865-0937
Language: eng
Field of Research: 080303 Computer System Security
Socio Economic Objective: 890202 Application Tools and System Utilities
HERDC Research category: B1 Book chapter
Copyright notice: ©2011, Springer-Verlag Berlin Heidelberg
Persistent URL: http://hdl.handle.net/10536/DRO/DU:30043156

Document type: Book Chapter
Collection: School of Information Technology

Created: Tue, 13 Mar 2012, 09:49:00 EST