A Dynamic Malware Detection Approach by Mining the Frequency of API Calls
Dynamic detection method based on software behavior is an efficient and effective way for anti-virus technology. Malware and benign executable differ mainly in the implementation of some special behavior to propagation and destruction. A program's execution flow is essentially equivalent to the stream of API calls. Analyzing the API calls frequency from six kinds of behaviors in the same time has the very well differentiate between malicious and benign executables. This paper proposed a dynamic malware detection approach by mining the frequency of sensitive native API calls and described experiments conducted against recent Win32 malware. Experimental results indicate that the detection rate of proposed method is 98% and the value of the AUC is 0.981. Furthermore, proposed method can identify known and unknown malware.