Malware Analysis Using APIs Pattern Mining


  • Nawfal Turki Obeis
  • Wesam Bhaya



Keywords: Malicious Code, Malware Detection, Shingling, API Calls, Pattern Mining.


Malicious code threatens cybersecurity. Malware and its detection have challenged both the anti-malware industry and researchers for decades.

We use a pattern mining technique to find the frequent Windows Application Program Interface (API) calls and then use the frequent item sets to build the sequence of features for subsequent analysis. Shingling techniques have proven effective for the detection problem. For verification, we cluster malware sequences based on their frequent API call sequences.

We achieved a high detection rate of 99.029% with accuracy as high as 98.8%. Thus, the proposed method improves on the state of the art in several aspects: accuracy, detection rate, and a decreased false alarm rate.

The experiment on a large API sequence dataset demonstrated that using frequent API call sequences can achieve high accuracy for malware clustering while reducing computation time.
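The pipeline the abstract describes (shingle the API call traces, keep the frequent shingles as features, cluster samples on them) can be sketched as follows. This is an added example, not the authors' implementation: the traces are constructed, and the shingle length `k`, the `min_support` and `threshold` values, the Jaccard measure and single-link clustering are all assumptions the abstract does not specify.

```python
from collections import Counter
from itertools import combinations

# Constructed API call traces for illustration (not from the paper's datasets).
TRACES = {
    "sample_a": ["CreateFileW", "WriteFile", "CloseHandle",
                 "RegOpenKeyExW", "RegSetValueExW", "RegCloseKey"],
    "sample_b": ["CreateFileW", "WriteFile", "CloseHandle",
                 "RegOpenKeyExW", "RegSetValueExW", "RegCloseKey", "Sleep"],
    "sample_c": ["socket", "connect", "send", "recv", "closesocket"],
    "sample_d": ["LoadLibraryW", "socket", "connect", "send", "recv", "closesocket"],
}

def shingles(trace, k=3):
    """Set of k-length contiguous API call windows; empty if the trace is shorter than k."""
    return {tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)}

def frequent_shingles(traces, k=3, min_support=2):
    """Shingles that occur in at least min_support distinct traces."""
    support = Counter(s for t in traces.values() for s in shingles(t, k))
    return {s for s, n in support.items() if n >= min_support}

def jaccard(a, b):
    """Jaccard similarity of two sets; two empty sets count as dissimilar."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def cluster(traces, k=3, min_support=2, threshold=0.5):
    """Single-link clustering on Jaccard similarity of frequent-shingle feature sets."""
    frequent = frequent_shingles(traces, k, min_support)
    feats = {name: shingles(t, k) & frequent for name, t in traces.items()}
    parent = {name: name for name in traces}

    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x

    # Merge any two samples whose feature sets are similar enough.
    for a, b in combinations(traces, 2):
        if jaccard(feats[a], feats[b]) >= threshold:
            parent[find(a)] = find(b)

    groups = {}
    for name in traces:
        groups.setdefault(find(name), set()).add(name)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    print(cluster(TRACES))
```

Dropping shingles below the support threshold removes one-off calls such as the trailing `Sleep` or leading `LoadLibraryW`, so near-identical traces end up with identical feature sets and the pairwise comparison works on far fewer features.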



