
Malware Detection System and Method based on API Function Extraction


Abstract

The present invention relates to a malware detection system and method based on API function extraction. More particularly, the method includes the steps of: generating a first API call list database (DB) including API call lists generated by static analysis of a plurality of malware samples and a plurality of normal files included in a data set; generating a second API call list DB including API call lists generated by dynamic analysis of the plurality of malware samples and the plurality of normal files included in the data set; generating, as training data and based on the first API call list DB and the second API call list DB, a plurality of API feature vectors corresponding to each of the plurality of malware samples and the plurality of normal files, where each API feature vector includes the frequency of each API function included in the API call list of the corresponding malware sample or normal file; and training a machine learning algorithm to classify malware and normal files using the generated training data.
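The pipeline in the abstract, sketched as an added example that is not code from the patent: two API call list DBs, per-API frequency vectors, and a trained classifier. The sample call lists are constructed, and two choices are assumptions the abstract does not specify: static and dynamic frequencies are concatenated into one vector, and logistic regression stands in for the unnamed machine learning algorithm.

```python
import math
from collections import Counter

# Constructed sample data (not from the patent): file id -> API call list.
STATIC_DB = {   # first DB: API names recovered by static analysis
    "mal1": ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "CreateFileW"],
    "mal2": ["VirtualAllocEx", "WriteProcessMemory", "RegSetValueExW"],
    "ok1": ["CreateFileW", "ReadFile", "CloseHandle"],
    "ok2": ["GetMessageW", "CreateFileW", "CloseHandle"],
}
DYNAMIC_DB = {  # second DB: API calls observed while the file runs
    "mal1": ["VirtualAllocEx", "WriteProcessMemory", "WriteProcessMemory", "CreateRemoteThread"],
    "mal2": ["RegSetValueExW", "VirtualAllocEx", "WriteProcessMemory"],
    "ok1": ["CreateFileW", "ReadFile", "ReadFile", "CloseHandle"],
    "ok2": ["GetMessageW", "GetMessageW", "CloseHandle"],
}
LABELS = {"mal1": 1, "mal2": 1, "ok1": 0, "ok2": 0}  # 1 = malware, 0 = normal

def build_vocab(*dbs):
    """Every API function name seen in any call list, in a fixed order."""
    return sorted({api for db in dbs for calls in db.values() for api in calls})

def feature_vector(static_calls, dynamic_calls, vocab):
    """Per-API frequencies; concatenating the two views is an assumption."""
    s, d = Counter(static_calls), Counter(dynamic_calls)
    return [s[a] for a in vocab] + [d[a] for a in vocab]

def score(x, model):
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def train(X, y, epochs=500, lr=0.1):
    """Logistic regression by SGD, a stand-in for the unnamed ML algorithm."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for x, t in zip(X, y):
            g = 1 / (1 + math.exp(-score(x, (w, b)))) - t  # prediction error
            w = [wi - lr * g * xi for wi, xi in zip(w, x)]
            b -= lr * g
    return w, b

def classify(static_calls, dynamic_calls, vocab, model):
    return int(score(feature_vector(static_calls, dynamic_calls, vocab), model) > 0)

VOCAB = build_vocab(STATIC_DB, DYNAMIC_DB)
X = [feature_vector(STATIC_DB[f], DYNAMIC_DB[f], VOCAB) for f in LABELS]
MODEL = train(X, [LABELS[f] for f in LABELS])
```

API names that never appeared in either training DB are ignored at classification time, because the vector is built only over the training vocabulary.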
