DocumentCode
2024915
Title
A novel Bot detection algorithm based on API call correlation
Author
Dong, Xiaomei ; Liu, Fei ; Li, Xiaohua ; Yu, Xiaocong
Author_Institution
Key Lab. of Med. Image Comput., Northeastern Univ., Shenyang, China
Volume
3
fYear
2010
fDate
10-12 Aug. 2010
Firstpage
1157
Lastpage
1162
Abstract
In this paper, a novel Bot detection algorithm for Windows systems based on API call correlation is proposed. The product-moment correlation coefficient is used to calculate the correlation between different API calls. Other activities are correlated in addition to keylogging. According to the characteristics of different Bot activities with API calls, the memberships of the different activities are calculated and integrated to form the fuzzy set of the unknown process. Lattice Degree is applied to correlate the fuzzy set of the unknown process with the fuzzy sets of known processes. The type of the unknown process is distinguished using F Pattern Identification. Experimental results show that the algorithm can detect Bots with a high detection rate and can distinguish well between normal processes and Bot processes with a low false positive degree.
Keywords
application program interfaces; fuzzy set theory; invasive software; API call correlation; Windows system; bot detection; detection rate; fuzzy set; keylogging; lattice degree; pattern identification; product-moment correlation; Computers; Correlation; Fuzzy sets; Keyboards; Lattices; Monitoring; Software;
fLanguage
English
Publisher
ieee
Conference_Titel
Fuzzy Systems and Knowledge Discovery (FSKD), 2010 Seventh International Conference on
Conference_Location
Yantai, Shandong
Print_ISBN
978-1-4244-5931-5
Type
conf
DOI
10.1109/FSKD.2010.5569154
Filename
5569154