Research Article

Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models

Volume: 13 Number: 4 December 29, 2024
EN

Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models

Abstract

The rapid evolution of malware presents significant challenges in cybersecurity. This study investigates the efficacy of various machine learning and ensemble learning models for malware detection using dynamic analysis. The dynamic datasets, contain API calls and permissions, enabling real-time monitoring of malware behavior. In conclusion, for both the VirusSample and VirusShare datasets, the random forest (RF) model achieved the best results among machine learning models, with accuracies of %94.69 and %85.72, respectively. For the VirusSample dataset, the stacking ensemble learning model, which uses RF and decision trees (DT) as base classifiers and K-nearest neighbors (KNN) as the meta classifier, achieved the highest accuracy of %94.52. In contrast, for the VirusShare dataset, the stacking ensemble learning model, which uses RF, KNN, and gradient boosting (GB) as base classifiers and support vector machine (SVM) as the meta classifier, achieved the highest accuracy of %85.7. These results underscore the superiority of dynamic analysis and the effectiveness of ensemble methods in enhancing malware detection accuracy. This study contributes to the optimization of machine learning models and the advancement of cybersecurity solutions.

Keywords

References

  1. [1] S. Poeplau, Y. Fratantonio, A. Bianchi, C. Kruegel, and G. Vigna, “Execute this! analyzing unsafe and malicious dynamic code loading in android applications,” in Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), vol. 14, 2014, pp. 23–26.
  2. [2] M. Ahmad, V. Costamagna, B. Crispo, F. Bergadano, and Y. Zhauniarovich, “Stadart: Addressing the problem of dynamic code updates in the security analysis of android applications,” Journal of Systems and Software, vol. 159, p. 110386, 2020.
  3. [3] Y. Rosmansyah, B. Dabarsyah et al., “Malware detection on android smartphones using api class and machine learning,” in 2015 International Conference on Electrical Engineering and Informatics (ICEEI), 2015, pp. 294–297.
  4. [4] A. Roy, D. S. Jas, G. Jaggi, and K. Sharma, “Android malware detection based on vulnerable feature aggregation,” Procedia Computer Science, vol. 173, pp. 345–353, 2020. [5] F. Shen, J. Del Vecchio, A. Mohaisen, S. Y. Ko, and L. Ziarek, “Android malware detection using complex-flows,” IEEE Transactions on Mobile Computing, vol. 18, no. 6, pp. 1231–1245, 2018. [6] T. Chen, H. Zeng, M. Lv, and T. Zhu, “Ctimd: Cyber threat intelligence enhanced malware detection using api call sequences with parameters,” Computers & Security, vol. 136, p. 103518, 2024.
  5. [7] S. Zhang, J. Wu, M. Zhang, and W. Yang, “Dynamic malware analysis based on api sequence semantic fusion,” Applied Sciences, vol. 13, no. 11, 2023.
  6. [8] A. A. Alhashmi, A. A. Darem, A. M. Alashjaee, S. M. Alanazi, T. M. Alkhaldi, S. A. Ebad, F. A. Ghaleb, and A. M. Almadani, “Similarity-based hybrid malware detection model using api calls,” Mathematics, vol. 11, no. 13, 2023.
  7. [9] C. Li, Q. Lv, N. Li, Y. Wang, D. Sun, and Y. Qiao, “A novel deep framework for dynamic malware detection based on api sequence intrinsic features,” Computers & Security, vol. 116, p. 102686, 2022. [10] C. Li, Z. Cheng, H. Zhu, L. Wang, Q. Lv, Y. Wang, N. Li, and D. Sun, “Dmalnet: Dynamic malware analysis based on api feature engineering and graph learning,” Computers & Security, vol. 122, p. 102872, 2022.
  8. [11] J. Singh and J. Singh, “Assessment of supervised machine learning algorithms using dynamic api calls for malware detection,” International Journal of Computers and Applications, vol. 44, no. 3, pp. 270–277, 2022.

Details

Primary Language

English

Subjects

System and Network Security, Data Security and Protection

Journal Section

Research Article

Publication Date

December 29, 2024

Submission Date

July 4, 2024

Acceptance Date

October 3, 2024

Published in Issue

Year 2024 Volume: 13 Number: 4

APA
Karakaya, A., & Ulu, A. (2024). Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models. International Journal of Information Security Science, 13(4), 1-20. https://doi.org/10.55859/ijiss.1510423
AMA
1.Karakaya A, Ulu A. Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models. IJISS. 2024;13(4):1-20. doi:10.55859/ijiss.1510423
Chicago
Karakaya, Aykut, and Ahmet Ulu. 2024. “Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models”. International Journal of Information Security Science 13 (4): 1-20. https://doi.org/10.55859/ijiss.1510423.
EndNote
Karakaya A, Ulu A (December 1, 2024) Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models. International Journal of Information Security Science 13 4 1–20.
IEEE
[1]A. Karakaya and A. Ulu, “Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models”, IJISS, vol. 13, no. 4, pp. 1–20, Dec. 2024, doi: 10.55859/ijiss.1510423.
ISNAD
Karakaya, Aykut - Ulu, Ahmet. “Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models”. International Journal of Information Security Science 13/4 (December 1, 2024): 1-20. https://doi.org/10.55859/ijiss.1510423.
JAMA
1.Karakaya A, Ulu A. Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models. IJISS. 2024;13:1–20.
MLA
Karakaya, Aykut, and Ahmet Ulu. “Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models”. International Journal of Information Security Science, vol. 13, no. 4, Dec. 2024, pp. 1-20, doi:10.55859/ijiss.1510423.
Vancouver
1.Aykut Karakaya, Ahmet Ulu. Dynamic Malware Detection Approach Based on API Calls: Machine Learning and Ensemble Learning Models. IJISS. 2024 Dec. 1;13(4):1-20. doi:10.55859/ijiss.1510423