Statistical Study of Imported APIs by PE Type Malware

In this paper we introduce a statistical study which enable us to know which are Windows APIs that are most imported by malware codes. To do that, we have used a given number of infected Portable Executable (PE) files and another number of none infected ones. We used statistical Khi 2 test to set if...

Full description

Saved in:
Bibliographic Details
Published in2014 International Conference on Advanced Networking Distributed Systems and Applications pp. 82 - 86
Main Authors Belaoued, Mohamed, Mazouzi, Smaine
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.06.2014
Subjects
Computers
Data mining
Malware
Malware analysis
Operating systems
Statistical hypothesis testing
Testing
windows API
Online AccessGet full text

Cover

More Information
Summary:In this paper we introduce a statistical study which enable us to know which are Windows APIs that are most imported by malware codes. To do that, we have used a given number of infected Portable Executable (PE) files and another number of none infected ones. We used statistical Khi 2 test to set if an API is likely used by malware or not. We guess that a given work is necessary and important for behavior-based malware detection, especially which use API importations to analyze PE codes. For experimentation purpose, we have used a large set of PE files extracted from known databases to perform our analysis and establish our conclusions.
DOI:10.1109/INDS.2014.22