DocumentCode
3025237
Title
Dynamic Detection of Unknown Malicious Executables Base on API Interception
Author
Chen, Fei ; Fu, Yan
Author_Institution
Dept. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
fYear
2009
fDate
25-26 April 2009
Firstpage
329
Lastpage
332
Abstract
In this paper, we propose a new approach for the dynamic detection of malicious executables on the Windows platform. Our approach extracts signatures of a malicious executable's behaviour by using the API (Application Program Interface) interception technique, which makes possible the detection of unknown malicious executables. The dynamic detection of unknown malicious executables is achieved in three major steps: getting the sequence of API function calls of the executable, processing the API sequence to generate a vector, and calculating the similarity between the vector and the feature library constructed from security policies to verify whether the executable is malicious. The experiment confirms that this approach is effective in the detection of unknown malicious executables.
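The three-step pipeline the abstract describes (API call sequence, vector, similarity against a policy-built feature library), as an added Python illustration that is not the paper's code. The paper does not specify its vector encoding or similarity measure; this example assumes API-name bigram counts and cosine similarity, takes the call sequence from constructed log lines of the kind an API hook would emit, and uses hand-written policy sequences as the feature library. Policy names, the sample traces and the 0.5 threshold are all assumptions made here.

```python
"""Added illustration of: hook log -> API sequence -> bigram vector
-> cosine similarity against a feature library built from security policies.
Encoding, similarity measure, policies, traces and threshold are assumptions,
not the paper's own choices.
"""
from collections import Counter
from math import sqrt

# Constructed log lines in the shape an API interception hook might write:
# "<pid> <module>!<api>". Only the API name is used below.
HOOK_LOG = """\
1234 kernel32!GetModuleHandleA
1234 kernel32!OpenProcess
1234 kernel32!VirtualAllocEx
1234 kernel32!WriteProcessMemory
1234 kernel32!CreateRemoteThread
1234 kernel32!CloseHandle
"""

# Constructed benign trace (a program that just reads and writes a file).
BENIGN_TRACE = ["GetStdHandle", "ReadFile", "WriteFile", "CloseHandle"]

# Assumed "security policies": API sequences that describe behaviours
# an operator considers malicious. The feature library is built from these.
POLICIES = {
    "self_copy_and_autorun": [
        "GetModuleFileNameA", "CopyFileA",
        "RegOpenKeyExA", "RegSetValueExA", "RegCloseKey",
    ],
    "remote_thread_injection": [
        "OpenProcess", "VirtualAllocEx",
        "WriteProcessMemory", "CreateRemoteThread",
    ],
    "keylog_to_network": [
        "SetWindowsHookExA", "GetAsyncKeyState",
        "WSAStartup", "socket", "connect", "send",
    ],
}


def parse_hook_log(text):
    """Step 1: turn hook output into the ordered API call sequence."""
    seq = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines rather than failing
        seq.append(parts[1].split("!")[-1])  # drop the module prefix
    return seq


def api_bigrams(seq):
    """Step 2: encode a sequence as a sparse vector of adjacent-call pairs.
    Bigrams keep call order, which a plain bag of API names would lose."""
    return Counter(zip(seq, seq[1:]))


def cosine(a, b):
    """Cosine similarity of two sparse vectors (Counters); 0 if either is empty."""
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def build_feature_library(policies):
    """Vectorise each policy sequence once; reused for every sample."""
    return {name: api_bigrams(seq) for name, seq in policies.items()}


def classify(trace, library, threshold=0.5):
    """Step 3: score the trace against every policy vector.
    Returns (is_malicious, best_matching_policy, best_score)."""
    vec = api_bigrams(trace)
    scores = {name: cosine(vec, fv) for name, fv in library.items()}
    best = max(scores, key=scores.get)
    return scores[best] >= threshold, best, scores[best]


LIBRARY = build_feature_library(POLICIES)

if __name__ == "__main__":
    for label, trace in (("hooked", parse_hook_log(HOOK_LOG)),
                         ("benign", BENIGN_TRACE)):
        flagged, policy, score = classify(trace, LIBRARY)
        print(f"{label}: malicious={flagged} policy={policy} score={score:.3f}")
```

Note that a bigram vector is only as good as the policies it is compared against: the injection trace scores well because three of its five bigrams appear verbatim in the policy, while an attacker who interleaves unrelated calls between the hooked ones lowers the cosine score without changing behaviour, which is the usual evasion against sequence-based similarity.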
Keywords
application program interfaces; security of data; API interception; API sequence; Windows; application program interface interception technique; dynamic detection; security policies; unknown malicious executables; Application software; Computer science; Cryptography; Data engineering; Databases; Encapsulation; Libraries; Monitoring; Pattern matching; Security; API interception; dynamic detection; unknown malicious executables;
fLanguage
English
Publisher
ieee
Conference_Titel
Database Technology and Applications, 2009 First International Workshop on
Conference_Location
Wuhan, Hubei
Print_ISBN
978-0-7695-3604-0
Type
conf
DOI
10.1109/DBTA.2009.127
Filename
5207748