Title :
Dynamic Detection of Unknown Malicious Executables Base on API Interception
Author :
Chen, Fei ; Fu, Yan
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
Abstract :
In this paper, we propose a new approach for the dynamic detection of malicious executables on the Windows platform. Our approach extracts signatures of a malicious executable's behavior using an API (Application Program Interface) interception technique, which makes the detection of unknown malicious executables possible. The dynamic detection of unknown malicious executables is achieved in three major steps: obtaining the sequence of API function calls made by the executable, processing the API sequence to generate a vector, and calculating the similarity between that vector and a feature library constructed from security policies to determine whether the executable is malicious. The experiment confirms that this approach is effective in detecting unknown malicious executables.
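The three-step pipeline described in the abstract (capture the API call sequence, turn it into a vector, compare it against a policy-derived feature library), as an added worked example that is not the paper's own code. The trace format, the API names, the three policy vectors and the 0.6 decision threshold are all assumptions constructed for illustration; the paper does not specify its vectorization or similarity measure, and cosine similarity over API-call frequency counts is used here as one plausible choice.

```python
import math
import re
from collections import Counter

# Constructed trace lines in the shape an API-interception hook might log:
# "<thread id> <ApiName>(<args>)". Format and values are assumptions, not the paper's.
INJECTOR_TRACE = [
    "1204 OpenProcess(pid=4412)",
    "1204 VirtualAllocEx(hProcess=0x2a0, size=4096)",
    "1204 WriteProcessMemory(hProcess=0x2a0, bytes=4096)",
    "1204 CreateRemoteThread(hProcess=0x2a0)",
    "1204 CloseHandle(0x2a0)",
]
BENIGN_TRACE = [
    "3388 CreateFileW(path=C:\\\\notes.txt)",
    "3388 ReadFile(h=0x1c4, bytes=512)",
    "3388 ReadFile(h=0x1c4, bytes=512)",
    "3388 CloseHandle(0x1c4)",
]

# Feature library: each security policy is a weighted vector over API names
# describing one class of malicious behaviour (hypothetical policies).
FEATURE_LIBRARY = {
    "registry_autorun": {"RegOpenKeyExW": 1.0, "RegSetValueExW": 1.0, "CopyFileW": 1.0},
    "remote_code_injection": {"OpenProcess": 1.0, "VirtualAllocEx": 1.0,
                              "WriteProcessMemory": 1.0, "CreateRemoteThread": 1.0},
    "file_infector": {"FindFirstFileW": 1.0, "FindNextFileW": 1.0,
                      "CreateFileW": 1.0, "WriteFile": 1.0},
}

_LINE_RE = re.compile(r"^\d+\s+([A-Za-z0-9_]+)\(")


def parse_trace(lines):
    """Step 1: recover the ordered API call sequence from intercepted log lines.
    Lines that do not match the expected shape are skipped rather than guessed at."""
    seq = []
    for line in lines:
        m = _LINE_RE.match(line.strip())
        if m:
            seq.append(m.group(1))
    return seq


def to_vector(api_sequence):
    """Step 2: vectorize the sequence as API-name frequency counts."""
    return Counter(api_sequence)


def cosine(u, v):
    """Cosine similarity between two sparse vectors given as name -> weight mappings."""
    dot = sum(u[k] * v[k] for k in u.keys() & v.keys())
    nu = math.sqrt(sum(x * x for x in u.values()))
    nv = math.sqrt(sum(x * x for x in v.values()))
    if nu == 0.0 or nv == 0.0:
        return 0.0
    return dot / (nu * nv)


def score_against_library(vec, library=FEATURE_LIBRARY):
    """Step 3: similarity of the executable's vector to every policy in the library."""
    return {name: cosine(vec, policy) for name, policy in library.items()}


def detect(lines, library=FEATURE_LIBRARY, threshold=0.6):
    """Full pipeline. Returns (best matching policy, its score, flagged as malicious)."""
    scores = score_against_library(to_vector(parse_trace(lines)), library)
    best = max(scores, key=scores.get)
    return best, scores[best], scores[best] >= threshold


if __name__ == "__main__":
    for label, trace in (("injector", INJECTOR_TRACE), ("benign", BENIGN_TRACE)):
        policy, s, flagged = detect(trace)
        print(f"{label}: closest policy={policy} score={s:.3f} malicious={flagged}")
```

The threshold trades false positives against misses: the benign trace shares `CreateFileW` with the file-infector policy and so scores above zero, which is why a single shared call must not be enough to flag a sample. A real deployment would also need to account for calls made through undocumented or lower-level entry points that a user-mode hook at the documented API layer does not see.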
Keywords :
application program interfaces; security of data; API interception; API sequence; Windows; application program interface interception technique; dynamic detection; security policies; unknown malicious executables; Application software; Computer science; Cryptography; Data engineering; Databases; Encapsulation; Libraries; Monitoring; Pattern matching; Security; API interception; dynamic detection; unknown malicious executables;
Conference_Titel :
Database Technology and Applications, 2009 First International Workshop on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-0-7695-3604-0
DOI :
10.1109/DBTA.2009.127