An evaluation of API calls hooking performance

Marhusin, Mohd Fadzli; Larkin, Henry; Lokan, Chris; Cornforth, David

Title: An evaluation of API calls hooking performance
Creator: Marhusin, Mohd Fadzli; Larkin, Henry; Lokan, Chris; Cornforth, David
Relation: 2008 International Conference on Computational Intelligence and Security (CIS 2008). Proceedings of the 2008 International Conference on Computational Intelligence and Security, Volume 1 (Suzhou, China 13-18 December, 2008) p. 315-319
Publisher Link: http://dx.doi.org/10.1109/CIS.2008.199
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Resource Type: conference paper
Date: 2008
Description: An open research question in malware detection is how to accurately and reliably distinguish a malware program from a benign one, running on the same machine. In contrast to code signatures, which are commonly used in commercial protection software, signatures derived from system calls have the potential to form the basis of a much more flexible defense mechanism. However, the performance degradation caused by monitoring systems calls could adversely impact the machine. In this paper we report our experimental experience in implementing API hooking to capture sequences of API calls. The loading time often common programs was benchmarked with three different settings: plain, computer with antivirus and computer with API hook. Results suggest that the performance of this technique is sufficient to provide a viable approach to distinguishing between benign and malware code execution.
Subject: application program interfaces; digital signatures; invasive software; system monitoring
Identifier: http://hdl.handle.net/1959.13/1057714
Identifier: uon:16244
Identifier: ISBN:9780769535081
Language: eng
Reviewed

Hits: 2072
Visitors: 2297
Downloads: 1

		Thumbnail	File	Description	Size	Format