Detecting Unknown Anomalous Program Behavior Using API System Calls

MD Rafiqul Islam; Md. Saiful Islam; Morshed U. Chowdhury

doi:10.1007/978-3-642-25483-3_31

Detecting Unknown Anomalous Program Behavior Using API System Calls

MD Rafiqul Islam, Md. Saiful Islam, Morshed U. Chowdhury

Research output: Book chapter/Published conference paper › Conference paper › peer-review

2 Citations (Scopus)

Abstract

This paper presents the detection techniques of anomalous programs based on the analysis of their system call traces. We collect the API calls for the tested executable programs from Microsoft detour system and extract the features for our classification task using the previously established n-gram technique. We propose three different feature extraction approaches in this paper. These are frequency-based, time-based and a hybrid approach which actually combines the first two approaches. We use the well-known classifier algorithms in our experiments using WEKA interface to classify the malicious programs from the benign programs. Our empirical evidence demonstrates that the proposed feature extraction approaches can detect malicious programs over 88% which is quite promising for the contemporary similar research.

Original language	English
Title of host publication	Proceedings of the International Conference on Informatics Engineering and Information Science
Subtitle of host publication	ICIEIS 2011
Editors	Azizah Abd Manaf, Shamsul Sahibuddin, Rabiah Ahmad, Salwani Modh Daud, Eyas El-Qawashmeh
Place of Publication	Berlin
Publisher	Springer
Pages	383-394
Number of pages	12
Volume	254
ISBN (Electronic)	9783642254826
DOIs	https://doi.org/10.1007/978-3-642-25483-3_31
Publication status	Published - 2011
Event	International Conference on Informatics Engineering and Information Science: ICIEI 2011 - Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia Duration: 14 Nov 2011 → 16 Nov 2011 http://icieis2011.sdiwc.us/ (Event home page)

Publication series

Name	Communications in Computer and Information Science

Conference

Conference	International Conference on Informatics Engineering and Information Science
Country/Territory	Malaysia
City	Kuala Lumpur
Period	14/11/11 → 16/11/11
Internet address	http://icieis2011.sdiwc.us/ (Event home page)

Access to Document

10.1007/978-3-642-25483-3_31

Cite this

Islam, MD. R., Islam, M. S., & Chowdhury, M. U. (2011). Detecting Unknown Anomalous Program Behavior Using API System Calls. In A. Abd Manaf, S. Sahibuddin, R. Ahmad, S. Modh Daud, & E. El-Qawashmeh (Eds.), Proceedings of the International Conference on Informatics Engineering and Information Science: ICIEIS 2011 (Vol. 254, pp. 383-394). (Communications in Computer and Information Science). Springer. https://doi.org/10.1007/978-3-642-25483-3_31

Islam, MD Rafiqul ; Islam, Md. Saiful ; Chowdhury, Morshed U. / Detecting Unknown Anomalous Program Behavior Using API System Calls. Proceedings of the International Conference on Informatics Engineering and Information Science: ICIEIS 2011. editor / Azizah Abd Manaf ; Shamsul Sahibuddin ; Rabiah Ahmad ; Salwani Modh Daud ; Eyas El-Qawashmeh. Vol. 254 Berlin : Springer, 2011. pp. 383-394 (Communications in Computer and Information Science).

@inproceedings{889d07d2844145eea20e0b2fc63f63f4,

title = "Detecting Unknown Anomalous Program Behavior Using API System Calls",

abstract = "This paper presents the detection techniques of anomalous programs based on the analysis of their system call traces. We collect the API calls for the tested executable programs from Microsoft detour system and extract the features for our classification task using the previously established n-gram technique. We propose three different feature extraction approaches in this paper. These are frequency-based, time-based and a hybrid approach which actually combines the first two approaches. We use the well-known classifier algorithms in our experiments using WEKA interface to classify the malicious programs from the benign programs. Our empirical evidence demonstrates that the proposed feature extraction approaches can detect malicious programs over 88% which is quite promising for the contemporary similar research.",

author = "Islam, {MD Rafiqul} and Islam, {Md. Saiful} and Chowdhury, {Morshed U.}",

note = "Imported on 03 May 2017 - DigiTool details were: publisher = Berlin Heidelberg: Springer, 2011. Event dates (773o) = 14-11-2011-16-11-2011; Parent title (773t) = International Conference on Informatics Engineering and Information Science.; International Conference on Informatics Engineering and Information Science : ICIEI 2011 ; Conference date: 14-11-2011 Through 16-11-2011",

year = "2011",

doi = "10.1007/978-3-642-25483-3_31",

language = "English",

volume = "254",

series = "Communications in Computer and Information Science",

publisher = "Springer",

pages = "383--394",

editor = "{Abd Manaf}, Azizah and Shamsul Sahibuddin and Rabiah Ahmad and {Modh Daud}, Salwani and Eyas El-Qawashmeh",

booktitle = "Proceedings of the International Conference on Informatics Engineering and Information Science",

address = "United States",

url = "http://icieis2011.sdiwc.us/",

}

Islam, MDR, Islam, MS & Chowdhury, MU 2011, Detecting Unknown Anomalous Program Behavior Using API System Calls. in A Abd Manaf, S Sahibuddin, R Ahmad, S Modh Daud & E El-Qawashmeh (eds), Proceedings of the International Conference on Informatics Engineering and Information Science: ICIEIS 2011. vol. 254, Communications in Computer and Information Science, Springer, Berlin, pp. 383-394, International Conference on Informatics Engineering and Information Science, Kuala Lumpur, Malaysia, 14/11/11. https://doi.org/10.1007/978-3-642-25483-3_31

Detecting Unknown Anomalous Program Behavior Using API System Calls. / Islam, MD Rafiqul; Islam, Md. Saiful; Chowdhury, Morshed U.

Proceedings of the International Conference on Informatics Engineering and Information Science: ICIEIS 2011. ed. / Azizah Abd Manaf; Shamsul Sahibuddin; Rabiah Ahmad; Salwani Modh Daud; Eyas El-Qawashmeh. Vol. 254 Berlin : Springer, 2011. p. 383-394 (Communications in Computer and Information Science).

Research output: Book chapter/Published conference paper › Conference paper › peer-review

TY - GEN

T1 - Detecting Unknown Anomalous Program Behavior Using API System Calls

AU - Islam, MD Rafiqul

AU - Islam, Md. Saiful

AU - Chowdhury, Morshed U.

N1 - Imported on 03 May 2017 - DigiTool details were: publisher = Berlin Heidelberg: Springer, 2011. Event dates (773o) = 14-11-2011-16-11-2011; Parent title (773t) = International Conference on Informatics Engineering and Information Science.

PY - 2011

Y1 - 2011

N2 - This paper presents the detection techniques of anomalous programs based on the analysis of their system call traces. We collect the API calls for the tested executable programs from Microsoft detour system and extract the features for our classification task using the previously established n-gram technique. We propose three different feature extraction approaches in this paper. These are frequency-based, time-based and a hybrid approach which actually combines the first two approaches. We use the well-known classifier algorithms in our experiments using WEKA interface to classify the malicious programs from the benign programs. Our empirical evidence demonstrates that the proposed feature extraction approaches can detect malicious programs over 88% which is quite promising for the contemporary similar research.

AB - This paper presents the detection techniques of anomalous programs based on the analysis of their system call traces. We collect the API calls for the tested executable programs from Microsoft detour system and extract the features for our classification task using the previously established n-gram technique. We propose three different feature extraction approaches in this paper. These are frequency-based, time-based and a hybrid approach which actually combines the first two approaches. We use the well-known classifier algorithms in our experiments using WEKA interface to classify the malicious programs from the benign programs. Our empirical evidence demonstrates that the proposed feature extraction approaches can detect malicious programs over 88% which is quite promising for the contemporary similar research.

U2 - 10.1007/978-3-642-25483-3_31

DO - 10.1007/978-3-642-25483-3_31

M3 - Conference paper

VL - 254

T3 - Communications in Computer and Information Science

SP - 383

EP - 394

BT - Proceedings of the International Conference on Informatics Engineering and Information Science

A2 - Abd Manaf, Azizah

A2 - Sahibuddin, Shamsul

A2 - Ahmad, Rabiah

A2 - Modh Daud, Salwani

A2 - El-Qawashmeh, Eyas

PB - Springer

CY - Berlin

T2 - International Conference on Informatics Engineering and Information Science

Y2 - 14 November 2011 through 16 November 2011

ER -

Islam MDR, Islam MS, Chowdhury MU. Detecting Unknown Anomalous Program Behavior Using API System Calls. In Abd Manaf A, Sahibuddin S, Ahmad R, Modh Daud S, El-Qawashmeh E, editors, Proceedings of the International Conference on Informatics Engineering and Information Science: ICIEIS 2011. Vol. 254. Berlin: Springer. 2011. p. 383-394. (Communications in Computer and Information Science). doi: 10.1007/978-3-642-25483-3_31

Detecting Unknown Anomalous Program Behavior Using API System Calls

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this