• DocumentCode
    167151
  • Title

    Statistical Study of Imported APIs by PE Type Malware

  • Author

    Belaoued, Mohamed ; Mazouzi, Smaine

  • Author_Institution
    Dept. of Comput. Sci., Univ. 20 Aout 1955, Skikda, Algeria
  • fYear
    2014
  • fDate
    17-19 June 2014
  • Firstpage
    82
  • Lastpage
    86
  • Abstract
    In this paper we introduce a statistical study which enables us to know which Windows APIs are most imported by malware codes. To do that, we have used a given number of infected Portable Executable (PE) files and another number of non-infected ones. We used the statistical Khi2 test to determine whether an API is likely used by malware or not. We guess that such a work is necessary and important for behavior-based malware detection, especially that which uses API importations to analyze PE codes. For experimentation purposes, we have used a large set of PE files extracted from known databases to perform our analysis and establish our conclusions.
  • Keywords
    application program interfaces; invasive software; operating systems (computers); statistical testing; API importations; PE type malware; Windows API; behavior-based malware detection; infected portable executable files; malware codes; statistical Khi2 test; statistical study; Computers; Data mining; Malware; Operating systems; Testing; Malware; Malware analysis; Statistical hypothesis testing; windows API;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Networking Distributed Systems and Applications (INDS), 2014 International Conference on
  • Conference_Location
    Bejaia
  • Type

    conf

  • DOI
    10.1109/INDS.2014.22
  • Filename
    6969062