@inproceedings{889d07d2844145eea20e0b2fc63f63f4,
title = "Detecting unknown anomalous program behavior using API system calls",
abstract = "This paper presents the detection techniques of anomalous programs based on the analysis of their system call traces. We collect the API calls for the tested executable programs from Microsoft detour system and extract the features for our classification task using the previously established n-gram technique. We propose three different feature extraction approaches in this paper. These are frequency-based, time-based and a hybrid approach which actually combines the first two approaches. We use the well-known classifier algorithms in our experiments using WEKA interface to classify the malicious programs from the benign programs. Our empirical evidence demonstrates that the proposed feature extraction approaches can detect malicious programs over 88% which is quite promising for the contemporary similar research.",
author = "Islam, {MD Rafiqul} and Islam, {Md. Saiful} and Chowdhury, {Morshed U.}",
year = "2011",
doi = "10.1007/978-3-642-25483-3_31",
language = "English",
volume = "254",
series = "Communications in Computer and Information Science",
publisher = "Springer",
pages = "383--394",
editor = "{Abd Manaf}, Azizah and Shamsul Sahibuddin and Rabiah Ahmad and {Modh Daud}, Salwani and Eyas El-Qawashmeh",
booktitle = "Proceedings of the International Conference on Informatics Engineering and Information Science",
address = "United States",
note = "International Conference on Informatics Engineering and Information Science : ICIEI 2011 ; Conference date: 14-11-2011 Through 16-11-2011",
}