Method and apparatus are disclosed for malware detection. According to an embodiment, a hybrid method for malware detection comprises: obtaining calling maps of a malware set and a normal application set, wherein a calling map comprises information about system call sequences with different calling depth greater than or equal to one; generating a malware pattern set and a normal pattern set, based on comparison between frequencies of the calling maps of the malware set and the normal application set; acquiring a calling map of an unknown application; and determining a malware detection result for the unknown application, based on comparison between the unknown application's calling map with the malware pattern set and the normal pattern set. The malware pattern set and/or the normal pattern set may be updated according to the malware detection result.
展开▼
