Assessment of supervised machine learning algorithms using dynamic API calls for malware detection

Detection of malware using traditional malware detection techniques is very hard. Machine Learning (ML) algorithms provide a solution to detect the malware which is being developed at a very high pace. ML automatic anti-malware system can be developed which can update the system with incoming malware to keep the system secure. To train the malware classifiers runtime features are captured through Cuckoo Sandbox. During execution, malware can drop other malicious payloads and every payload performs different malicious activities. API calls of every process executed by malware or benign file are extracted. In this paper, parameter tuning of Machine Learning (ML) is done to produce the high accuracy results in a binary classification of binary files into malware or benign. In machine learning algorithms, a few essential parameters like k value, kernel function, depth of the tree, loss function, splitting criteria, learning rate, and n-estimators are evaluated using API calls for achieving the high accurate results of the malware classifiers. At last, supervised machine learning classification algorithms were assessed with 6434 benign and 8634 malware samples. Malware classifier produced 99.1% accuracy using ensemble algorithms. This paper provides insight into the parameter tuning of ML algorithms for detecting the malware using API calls. © 2020 Informa UK Limited, trading as Taylor & Francis Group.