Metamorphic and Polymorphic Malware Detection and Classification Using Dynamic Analysis of API Calls

Abstract

Malicious programs have created a major threat in the area of cyber security. Malware detection and classification is a big challenge for the researchers. Now days Machine Learning techniques using Dynamic analysis of a malicious file play an important role for malware detection. Some new type of malware as polymorphic and metamorphic cannot detected easily. Their tactic hide them from anti malware system, such type of malware creates new instance and encrypting the malicious payload as well as changing the code structure at each infection, while retaining the same functionality. To address this we purpose a model for Polymorphic and metamorphic malware detection. This paper addresses detection and classification problem by providing a deeper analysis of API calls, key features and their parameters that enable polymorphism in malware. We named this model as MPDC, This paper also proposed a Feature Engineering approach for the better classification of malware family, this research is based on behavioral (Dynamic) features analysis and API. We used 8 type of malware family for classification. Our model achieved a Detection accuracy rate of 98.74%, and malware family classification accuracy rate of 96%. This research will revolutionize anti-malware industry in creating better protection mechanisms.