Run-time monitoring of program execution behavior is widely used to discriminate between benign and malicious processes running on an end-host. Towards this end, most of the existing run-time intrusion or malware detection techniques utilize information available in Windows Application Programming Interface (API) call arguments or sequences. In comparison, the key novelty of our proposed tool is the use of statistical features which are extracted from both spatial (arguments) and temporal (sequences) information available in Windows API calls. We provide this composite feature set as an input to standard machine learning algorithms to raise the final alarm. The results of our experiments show that the concurrent analysis of spatio-temporal features improves the detection accuracy of all classifiers. We also perform a scalability analysis to identify a minimal subset of API categories to be monitored whilst maintaining high detection accuracy.