Openly accessible

An evaluation of API calls hooking performance

Marhusin, Mohd Fadzli, Larkin, Henry, Lokan, Chris and Cornforth, David 2008, An evaluation of API calls hooking performance, in CIS 2008 : International Conference on Computational Intelligence and Security, IEEE, Piscataway, N.J., pp. 315-319, doi: 10.1109/CIS.2008.199.

Attached Files
Name Description MIMEType Size Downloads
larkin-evaluationAPI-2008.pdf Published version application/pdf 426.65KB 312

Title An evaluation of API calls hooking performance
Author(s) Marhusin, Mohd Fadzli
Larkin, Henry (ORCID iD: orcid.org/0000-0001-5867-1542)
Lokan, Chris
Cornforth, David
Conference name Computational Intelligence and Security. Conference (2008 : Suzhou, China)
Conference location Suzhou, China
Conference dates 13-17 Dec. 2008
Title of proceedings CIS 2008 : International Conference on Computational Intelligence and Security
Editor(s) [Unknown]
Publication date 2008
Conference series Computational Intelligence and Security Conference
Start page 315
End page 319
Total pages 5
Publisher IEEE
Place of publication Piscataway, N.J.
Keyword(s) artificial intelligence
computer security
security
information technology
Summary An open research question in malware detection is how to accurately and reliably distinguish a malware program from a benign one, running on the same machine. In contrast to code signatures, which are commonly used in commercial protection software, signatures derived from system calls have the potential to form the basis of a much more flexible defense mechanism. However, the performance degradation caused by monitoring system calls could adversely impact the machine. In this paper we report our experimental experience in implementing API hooking to capture sequences of API calls. The loading time of ten common programs was benchmarked with three different settings: plain, computer with antivirus and computer with API hook. Results suggest that the performance of this technique is sufficient to provide a viable approach to distinguishing between benign and malware code execution.
ISBN 9780769535081
Language eng
DOI 10.1109/CIS.2008.199
Field of Research 089999 Information and Computing Sciences not elsewhere classified
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category E1.1 Full written paper - refereed
Copyright notice ©2008, IEEE
Free to Read? Yes
Persistent URL http://hdl.handle.net/10536/DRO/DU:30063699

Document type: Conference Paper
Collections: School of Information Technology
Open Access Collection
 
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Citation counts: Cited 0 times in TR Web of Science
Cited 1 times in Scopus
Access Statistics: 86 Abstract Views, 312 File Downloads
Created: Thu, 29 May 2014, 14:49:14 EST
