- Title
- An evaluation of API calls hooking performance
- Creator
- Marhusin, Mohd Fadzli; Larkin, Henry; Lokan, Chris; Cornforth, David
- Relation
- 2008 International Conference on Computational Intelligence and Security (CIS 2008). Proceedings of the 2008 International Conference on Computational Intelligence and Security, Volume 1 (Suzhou, China 13-18 December, 2008) p. 315-319
- Publisher Link
- http://dx.doi.org/10.1109/CIS.2008.199
- Publisher
- Institute of Electrical and Electronics Engineers (IEEE)
- Resource Type
- conference paper
- Date
- 2008
- Description
- An open research question in malware detection is how to accurately and reliably distinguish a malware program from a benign one, running on the same machine. In contrast to code signatures, which are commonly used in commercial protection software, signatures derived from system calls have the potential to form the basis of a much more flexible defense mechanism. However, the performance degradation caused by monitoring systems calls could adversely impact the machine. In this paper we report our experimental experience in implementing API hooking to capture sequences of API calls. The loading time often common programs was benchmarked with three different settings: plain, computer with antivirus and computer with API hook. Results suggest that the performance of this technique is sufficient to provide a viable approach to distinguishing between benign and malware code execution.
- Subject
- application program interfaces; digital signatures; invasive software; system monitoring
- Identifier
- http://hdl.handle.net/1959.13/1057714
- Identifier
- uon:16244
- Identifier
- ISBN:9780769535081
- Language
- eng
- Reviewed
- Hits: 2069
- Visitors: 2294
- Downloads: 1
Thumbnail | File | Description | Size | Format |
---|