University of Balamand
In this paper, the authors propose a five-step approach to detect obfuscated malware by investigating the structural and behavioral features of API calls. They have developed a fully automated system to disassemble and extract API call features effectively from executables. Using n-gram statistical analysis of binary content, they are able to classify if an executable file is malicious or benign. Their experimental results with a dataset of 242 malwares and 72 benign files have shown a promising accuracy of 96.5% for the unigram model.