Title
Using spatio-temporal information in API calls with machine learning algorithms for malware detection
Abstract
Run-time monitoring of program execution behavior is widely used to discriminate between benign and malicious processes running on an end-host. Towards this end, most existing run-time intrusion or malware detection techniques utilize information available in Windows Application Programming Interface (API) call arguments or sequences. In comparison, the key novelty of our proposed tool is the use of statistical features which are extracted from both spatial (arguments) and temporal (sequences) information available in Windows API calls. We provide this composite feature set as an input to standard machine learning algorithms to raise the final alarm. The results of our experiments show that the concurrent analysis of spatio-temporal features improves the detection accuracy of all classifiers. We also perform a scalability analysis to identify a minimal subset of API categories to be monitored whilst maintaining high detection accuracy.
Year: 2009
DOI: 10.1145/1654988.1655003
Venue: AISec
Keywords: concurrent analysis, call argument, detection accuracy, high detection accuracy, run-time monitoring, windows api, windows application programming, api category, scalability analysis, malware detection technique, spatio-temporal information, markov chain, machine learning
Field: Data mining, Computer science, Feature set, Application programming interface, Artificial intelligence, Intrusion, ALARM, Markov chain, Algorithm, Novelty, Malware, Machine learning, Scalability
DocType: Conference
Citations: 46
PageRank: 2.16
References: 9
Authors: 4

Name                Order   Citations   PageRank
Faraz Ahmed         1       124         8.63
Haider Hameed       2       46          2.16
M. Zubair Shafiq    3       546         43.41
Muddassar Farooq    4       1221        83.47