Deakin University
Browse

File(s) under permanent embargo

Detecting unknown anomalous program behavior using API system calls

chapter
posted on 2011-01-01, 00:00 authored by MD Rafiqul Islam, Saiful Islam, Morshed ChowdhuryMorshed Chowdhury
This paper presents the detection techniques of anomalous programs based on the analysis of their system call traces. We collect the API calls for the tested executable programs from Microsoft detour system and extract the features for our classification task using the previously established n-gram technique. We propose three different feature extraction approaches in this paper. These are frequency-based, time-based and a hybrid approach which actually combines the first two approaches. We use the well-known classifier algorithms in our experiments using WEKA interface to classify the malicious programs from the benign programs. Our empirical evidence demonstrates that the proposed feature extraction approaches can detect malicious programs over 88% which is quite promising for the contemporary similar research.

History

Title of book

Informatics engineering and information science

Series

Communications in computer and information science; v. 254

Chapter number

31

Pagination

383 - 394

Publisher

Springer

Place of publication

Berlin, Germany

ISSN

1865-0929

eISSN

1865-0937

ISBN-13

9783642254833

ISBN-10

3642254837

Language

eng

Publication classification

B1 Book chapter

Copyright notice

2011, Springer-Verlag Berlin Heidelberg

Extent

40

Editor/Contributor(s)

A Manaf, S Sahibuddin, R Ahmad, S Daud, E El-Qawasmeh

Usage metrics

    Research Publications

    Categories

    No categories selected

    Keywords

    malicious programAPI system callsclassificationScience & TechnologyTechnologyComputer Science, Information SystemsComputer Science, Software EngineeringComputer Science, Theory & MethodsComputer Science

    Licence

    All Rights Reserved

    Exports