An evaluation of API calls hooking performance Marhusin, Mohd Fadzli, Larkin, Henry, Lokan, Chris and Cornforth, David 2008, An evaluation of API calls hooking performance, in CIS 2008 : International Conference on Computational Intelligence and Security, IEEE, Piscataway, N.J., pp. 315-319, doi: 10.1109/CIS.2008.199. Attached Files Name Description MIMEType Size Downloads larkin-evaluationAPI-2008.pdf Published version application/pdf 426.65KB 677 Title An evaluation of API calls hooking performance Author(s) Marhusin, Mohd Fadzli Larkin, Henry orcid.org/0000-0001-5867-1542 Lokan, Chris Cornforth, David Conference name Computational Intelligence and Security. Conference (2008 : Suzhou, China) Conference location Suzhou, China Conference dates 13-17 Dec. 2008 Title of proceedings CIS 2008 : International Conference on Computational Intelligence and Security Editor(s) [Unknown] Publication date 2008 Conference series Computational Intelligence and Security Conference Start page 315 End page 319 Total pages 5 Publisher IEEE Place of publication Piscataway, N.J. Keyword(s) artificial intelligence computer security security information technology Summary An open research question in malware detection is how to accurately and reliably distinguish a malware program from a benign one, running on the same machine. In contrast to code signatures, which are commonly used in commercial protection software, signatures derived from system calls have the potential to form the basis of a much more flexible defense mechanism. However, the performance degradation caused by monitoring systems calls could adversely impact the machine. In this paper we report our experimental experience in implementing API hooking to capture sequences of API calls. The loading time often common programs was benchmarked with three different settings: plain, computer with antivirus and computer with API hook. Results suggest that the performance of this technique is sufficient to provide a viable approach to distinguishing between benign and malware code execution ISBN 9780769535081 Language eng DOI 10.1109/CIS.2008.199 Field of Research 089999 Information and Computing Sciences not elsewhere classified Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences HERDC Research category E1.1 Full written paper - refereed Copyright notice ©2008, IEEE Free to Read? Yes Persistent URL http://hdl.handle.net/10536/DRO/DU:30063699 Document type: Conference Paper Collections: Faculty of Science, Engineering and Built Environment School of Information Technology Open Access Collection Related Links Link Description Connect to published version (restricted access) Go to link with your DU access privileges     Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved. Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au. Versions Version Filter Type Thu, 29 May 2014, 14:49:14 EST Tue, 03 Jun 2014, 11:14:07 EST Wed, 04 Jun 2014, 11:42:02 EST Wed, 04 Jun 2014, 14:10:44 EST Thu, 05 Jun 2014, 09:54:02 EST Tue, 06 Sep 2016, 23:47:05 EST Wed, 06 Dec 2017, 06:06:52 EST Sat, 13 Jan 2018, 01:43:11 EST Fri, 07 Sep 2018, 17:55:19 EST Filtered Full Citation counts:   Cited 1 times in TR Web of Science Cited 5 times in Scopus Search Google Scholar Access Statistics: 297 Abstract Views, 677 File Downloads  -  Detailed Statistics Created: Thu, 29 May 2014, 14:49:14 EST