Title :
A novel Bot detection algorithm based on API call correlation
Author :
Dong, Xiaomei ; Liu, Fei ; Li, Xiaohua ; Yu, Xiaocong
Author_Institution :
Key Lab. of Med. Image Comput., Northeastern Univ., Shenyang, China
Abstract :
In this paper, a novel Bot detection algorithm for Windows systems based on API call correlation was proposed. The product-moment correlation coefficient was used to calculate the correlation between different API calls. Other activities were correlated in addition to keylogging. According to the characteristics of different Bot activities with API calls, the memberships of the different activities were calculated and integrated to form the fuzzy set of an unknown process. Lattice Degree was applied to correlate the fuzzy set of the unknown process with the fuzzy sets of known processes. The type of the unknown process was distinguished using F Pattern Identification. Experimental results show that the algorithm can detect Bots with a high detection rate and can distinguish well between normal processes and Bot processes with a low false positive degree.
Keywords :
application program interfaces; fuzzy set theory; invasive software; API call correlation; Windows system; bot detection; detection rate; fuzzy set; keylogging; lattice degree; pattern identification; product-moment correlation; Computers; Correlation; Fuzzy sets; Keyboards; Lattices; Monitoring; Software;
Conference_Title :
Fuzzy Systems and Knowledge Discovery (FSKD), 2010 Seventh International Conference on
Conference_Location :
Yantai, Shandong
Print_ISBN :
978-1-4244-5931-5
DOI :
10.1109/FSKD.2010.5569154