DocumentCode
3580604
Title
Exploring Behavioral Aspects of API Calls for Malware Identification and Categorization
Author
Uppal, Dolly ; Sinha, Rakhi ; Mehra, Vishakha ; Jain, Vinesh
Author_Institution
Dept. of Comput. Eng. & Inf. Technol., Gov. Eng. Coll., Ajmer, India
fYear
2014
Firstpage
824
Lastpage
828
Abstract
The present-day scenario shows a drastic increase in the growth of malware. According to a Kaspersky Security Lab report, India ranks seventh in offline threats and ninth in online threats caused by malware among the top ten countries of the world. Advancements in evasion techniques such as code obfuscation, packing, encryption and polymorphism help malware writers avoid detection of their malware by Anti-Virus Scanners (AVS), as AVS primarily fail to detect unknown malware. In this paper we elucidate a malware detection method based on mining behavioral aspects of API calls, as extraction and interpretation of API calls can help in determining the behavior and functions of a program. We propose a feature selection algorithm to select unique and distinct APIs, and then apply machine learning techniques to categorize malicious and benign PE files.
Keywords
application program interfaces; data mining; feature selection; invasive software; learning (artificial intelligence); API call behavioral aspects; AVS; India; Kaspersky Security Lab report; antivirus scanners; benign PE files; code obfuscation; data mining; encryption; feature selection algorithm; machine learning techniques; malicious PE files; malware categorization; malware identification; offline threats; online threats; polymorphism; Algorithm design and analysis; Classification algorithms; Feature extraction; Machine learning algorithms; Malware; Software; Software algorithms; API Call; Behavioral Aspects; Data mining; Malware; Portable Executable;
fLanguage
English
Publisher
IEEE
Conference_Titel
Computational Intelligence and Communication Networks (CICN), 2014 International Conference on
Print_ISBN
978-1-4799-6928-9
Type
conf
DOI
10.1109/CICN.2014.176
Filename
7065596