Authors
Donggao Du, Yi Sun, Yan Ma, Fei Xiao
Publication date
2019/6/21
Journal
IEEE Access
Volume
7
Pages
81770-81782
Publisher
IEEE
Description
An application programming interface (API) is an excellent feature since it is a procedure call interface to an operating system resource. Behavior features based on API play an important role in analyzing malware variants. However, the existing malware detection approaches have a lot of complex operations on construction and matching. Graph matching is an NP-complete problem and is time-consuming because of computational complexity. To address these issues, a promising approach is proposed to construct the classified behavior features from different malware families. In the proposed approach, a classified behavior feature consists of a kernel object (an API call parameter) and a series of operations (an API trace). Besides, a classified behavior graph (CBG) is represented as a number by hash to reduce workload and matching time. Subsequently, multiple machine learning classifiers are used for system …
Total citations
[Chart: citations per year, 2020 to 2024]