Title :
Statistical Study of Imported APIs by PE Type Malware
Author :
Belaoued, Mohamed ; Mazouzi, Smaine
Author_Institution :
Dept. of Comput. Sci., Univ. 20 Aout 1955, Skikda, Algeria
Abstract :
In this paper we introduce a statistical study that enables us to determine which Windows APIs are most frequently imported by malware code. To do that, we used a given number of infected Portable Executable (PE) files and another number of non-infected ones. We used the statistical chi-squared (Khi2) test to decide whether an API is likely to be used by malware or not. We believe that such work is necessary and important for behavior-based malware detection, especially for approaches that use API imports to analyze PE code. For experimentation purposes, we used a large set of PE files extracted from known databases to perform our analysis and establish our conclusions.
Keywords :
application program interfaces; invasive software; operating systems (computers); statistical testing; API importations; PE type malware; Windows API; behavior-based malware detection; infected portable executable files; malware codes; statistical Khi2 test; statistical study; Computers; Data mining; Malware; Operating systems; Testing; Malware; Malware analysis; Statistical hypothesis testing; windows API;
Conference_Title :
Advanced Networking Distributed Systems and Applications (INDS), 2014 International Conference on
Conference_Location :
Bejaia
DOI :
10.1109/INDS.2014.22