Abstract

Application Programming Interface (API) calls in the Windows operating system (OS) are an attractive feature for malware analysis and detection because they properly reflect the actions of portable executable (PE) files. In this paper, we provide an approach based on sequential pattern mining (SPM) for the analysis of malware behavior during execution. A dataset that contains sequences of API calls made by different malware on Windows OS is first abstracted into a suitable format (sequences of integers). SPM algorithms are then used on the corpus to find frequent API calls and their patterns. Moreover, sequential rules between API call patterns, as well as maximal and closed frequent API calls, are discovered. The preliminary results obtained suggest that the discovered frequent patterns of API calls and the sequential rules between them can be used in the development of malware detection and classification techniques.
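
The two steps the abstract describes (abstracting API-call traces into integer sequences, then mining frequent sequential patterns) are sketched below as an added example; it is not code from the paper. The abstract does not name the SPM algorithms used, so a PrefixSpan-style miner is assumed here, and the traces and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed API-call traces (illustrative only, not from the paper's dataset).
TRACES = [
    ["CreateFileW", "WriteFile", "CloseHandle", "RegSetValueExW"],
    ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle"],
    ["VirtualAlloc", "CreateFileW", "WriteFile", "RegSetValueExW"],
    ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"],
]

def encode(traces):
    """Map each distinct API name to an integer ID, in order of first appearance."""
    ids = {}
    encoded = [[ids.setdefault(api, len(ids) + 1) for api in t] for t in traces]
    return encoded, {v: k for k, v in ids.items()}

def prefixspan(db, min_support):
    """Return {pattern tuple: support} for subsequences (gaps allowed)
    that occur in at least min_support sequences."""
    results = {}

    def grow(prefix, projected):
        # projected: list of (sequence index, position to resume scanning from)
        occurrences = defaultdict(dict)
        for sid, start in projected:
            seq = db[sid]
            for pos in range(start, len(seq)):
                # keep only the earliest occurrence of each item per sequence
                occurrences[seq[pos]].setdefault(sid, pos + 1)
        for item, hits in sorted(occurrences.items()):
            if len(hits) >= min_support:
                pattern = prefix + (item,)
                results[pattern] = len(hits)
                grow(pattern, list(hits.items()))

    grow((), [(i, 0) for i in range(len(db))])
    return results

def mine(traces, min_support):
    """Encode traces, mine them, and decode patterns back to API names."""
    db, names = encode(traces)
    return {tuple(names[i] for i in p): s for p, s in prefixspan(db, min_support).items()}

if __name__ == "__main__":
    for pattern, support in sorted(mine(TRACES, 3).items(), key=lambda kv: (-len(kv[0]), kv[0])):
        print(support, " -> ".join(pattern))
```

Support here counts traces, not occurrences, so an API called many times in one sample contributes only once to a pattern's frequency.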
