{"title":"为实时动态分析检测API挂钩","authors":"Salah Mohammed A. F., M. F. Marhusin, R. Sulaiman","doi":"10.1109/ICoCSec47621.2019.8971017","DOIUrl":null,"url":null,"abstract":"There are various approaches to detect malware. Among them is via dynamic analysis which is a very essential technique capable of detecting unknown malware. The dynamic analysis monitors the behaviour of the executable by providing its execution behaviour information. Since the complexity of the malware is increasing, it is important to monitor the malware and study how malware behaves to help in detecting it. In this paper, we highlighted the instrumentation technique to observe behaviour of Portable Executable execution. We briefly explored some of the related works. We discussed about dynamic analysis and Windows API Calls. We discussed on our realtime behaviour monitor. The concept of n-gram was explained and before concluding, several challenges were highlighted.","PeriodicalId":272402,"journal":{"name":"2019 International Conference on Cybersecurity (ICoCSec)","volume":"11 34","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Instrumenting API Hooking for a Realtime Dynamic Analysis\",\"authors\":\"Salah Mohammed A. F., M. F. Marhusin, R. Sulaiman\",\"doi\":\"10.1109/ICoCSec47621.2019.8971017\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"There are various approaches to detect malware. Among them is via dynamic analysis which is a very essential technique capable of detecting unknown malware. The dynamic analysis monitors the behaviour of the executable by providing its execution behaviour information. Since the complexity of the malware is increasing, it is important to monitor the malware and study how malware behaves to help in detecting it. In this paper, we highlighted the instrumentation technique to observe behaviour of Portable Executable execution. We briefly explored some of the related works. We discussed about dynamic analysis and Windows API Calls. We discussed on our realtime behaviour monitor. The concept of n-gram was explained and before concluding, several challenges were highlighted.\",\"PeriodicalId\":272402,\"journal\":{\"name\":\"2019 International Conference on Cybersecurity (ICoCSec)\",\"volume\":\"11 34\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 International Conference on Cybersecurity (ICoCSec)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICoCSec47621.2019.8971017\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Conference on Cybersecurity (ICoCSec)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICoCSec47621.2019.8971017","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Instrumenting API Hooking for a Realtime Dynamic Analysis
There are various approaches to detect malware. Among them is via dynamic analysis which is a very essential technique capable of detecting unknown malware. The dynamic analysis monitors the behaviour of the executable by providing its execution behaviour information. Since the complexity of the malware is increasing, it is important to monitor the malware and study how malware behaves to help in detecting it. In this paper, we highlighted the instrumentation technique to observe behaviour of Portable Executable execution. We briefly explored some of the related works. We discussed about dynamic analysis and Windows API Calls. We discussed on our realtime behaviour monitor. The concept of n-gram was explained and before concluding, several challenges were highlighted.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
