PE类型恶意软件导入api统计研究

2014 International Conference on Advanced Networking Distributed Systems and Applications Pub Date : 2014-06-17 DOI:10.1109/INDS.2014.22

Mohamed Belaoued, S. Mazouzi

{"title":"PE类型恶意软件导入api统计研究","authors":"Mohamed Belaoued, S. Mazouzi","doi":"10.1109/INDS.2014.22","DOIUrl":null,"url":null,"abstract":"In this paper we introduce a statistical study which enable us to know which are Windows APIs that are most imported by malware codes. To do that, we have used a given number of infected Portable Executable (PE) files and another number of none infected ones. We used statistical Khi2 test to set if an API is likely used by malware or not. We guess that a given work is necessary and important for behavior-based malware detection, especially which use API importations to analyze PE codes. For experimentation purpose, we have used a large set of PE files extracted from known databases to perform our analysis and establish our conclusions.","PeriodicalId":388358,"journal":{"name":"2014 International Conference on Advanced Networking Distributed Systems and Applications","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Statistical Study of Imported APIs by PE Type Malware\",\"authors\":\"Mohamed Belaoued, S. Mazouzi\",\"doi\":\"10.1109/INDS.2014.22\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper we introduce a statistical study which enable us to know which are Windows APIs that are most imported by malware codes. To do that, we have used a given number of infected Portable Executable (PE) files and another number of none infected ones. We used statistical Khi2 test to set if an API is likely used by malware or not. We guess that a given work is necessary and important for behavior-based malware detection, especially which use API importations to analyze PE codes. For experimentation purpose, we have used a large set of PE files extracted from known databases to perform our analysis and establish our conclusions.\",\"PeriodicalId\":388358,\"journal\":{\"name\":\"2014 International Conference on Advanced Networking Distributed Systems and Applications\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-06-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 International Conference on Advanced Networking Distributed Systems and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INDS.2014.22\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 International Conference on Advanced Networking Distributed Systems and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDS.2014.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

在本文中，我们介绍了一个统计研究，使我们能够知道哪些是最容易被恶意代码导入的Windows api。为此，我们使用了给定数量的受感染的可移植可执行文件(PE)和另一个未受感染的文件。我们使用统计Khi2测试来设置API是否可能被恶意软件使用。我们猜测，给定的工作对于基于行为的恶意软件检测是必要和重要的，特别是使用API导入来分析PE代码。出于实验目的，我们使用了从已知数据库中提取的大量PE文件来执行分析并得出结论。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Statistical Study of Imported APIs by PE Type Malware

In this paper we introduce a statistical study which enable us to know which are Windows APIs that are most imported by malware codes. To do that, we have used a given number of infected Portable Executable (PE) files and another number of none infected ones. We used statistical Khi2 test to set if an API is likely used by malware or not. We guess that a given work is necessary and important for behavior-based malware detection, especially which use API importations to analyze PE codes. For experimentation purpose, we have used a large set of PE files extracted from known databases to perform our analysis and establish our conclusions.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 International Conference on Advanced Networking Distributed Systems and Applications

自引率

0.00%

发文量