Detecting Malicious Behaviors of Software through Analysis of API Sequence k-gramsi

Nowadays, software is widely applied to increase accuracy, efficiency, and convenience in various areas in our life. So, it is essential to use software in our recent computing environments. Despite of the valuable applications of software, malicious behaviors caused by vulnerability of software threaten our secure computing environments. So, it is important to identify and detect malicious behaviors of software for maintaining computing environments. In this paper, we propose an approach to detecting malicious behaviors of software by analyzing information of API function calls. API function calls are essentially used to make use of various services provided by operating systems or devices in developing software. In addition, API functions can describe the behaviors of software because they perform predefined specific operations during program execution. In this paper, we classify API functions in Microsoft Windows operating systems, and propose an approach to representing malicious behaviors of software with API functions. We propose an approach to detecting malicious behaviors of software by analyzing dynamic API function calls. To increase the efficiency and the tolerance of the analysis, malicious behaviors are abstracted as sets of k-grams, and they can be identified by calculating similarity between the sets of k-grams and a sequence of API function calls.