The rapid evolution of malware presents a growing cybersecurity challenge, necessitating advanced detection and classification techniques. This research explores the API call frequency approach for classifying five malware families: Banker, Ransomware, Trojan PSW, Backdoor, and Downloader. Our study focuses on two key perspectives: Total time analysis and early-stage classification within the first ten seconds of malware execution. We employ discrete accumulated and individual time analysis to assess the potential of early-stage malware classification. We performed binary classification, distinguishing each malware family from the others. Among the tested models, Random Forest achieved the best performance, with accuracy ranging from 91.3% to 99.4% across the five malware families. Notably, the early-stage classification using accumulated analysis within 5–10 s closely aligns with results from total execution time analysis and demonstrates the feasibility of early malware classification.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Malware Detection Through API Call Frequency: Assessing Early-Stage versus Full-Time Classification Potential

  • Neshat Ali Dad,
  • Luis F. Lago-Fernández,
  • Francisco B. Rodríguez

摘要

The rapid evolution of malware presents a growing cybersecurity challenge, necessitating advanced detection and classification techniques. This research explores the API call frequency approach for classifying five malware families: Banker, Ransomware, Trojan PSW, Backdoor, and Downloader. Our study focuses on two key perspectives: Total time analysis and early-stage classification within the first ten seconds of malware execution. We employ discrete accumulated and individual time analysis to assess the potential of early-stage malware classification. We performed binary classification, distinguishing each malware family from the others. Among the tested models, Random Forest achieved the best performance, with accuracy ranging from 91.3% to 99.4% across the five malware families. Notably, the early-stage classification using accumulated analysis within 5–10 s closely aligns with results from total execution time analysis and demonstrates the feasibility of early malware classification.