DocumentCode
3729227
Title
A survey on data mining approaches for dynamic analysis of malwares
Author
Kshitij Shah;Dushyant Kumar Singh
Author_Institution
Department of CSE, MNNIT Allahabad, (UP), India
fYear
2015
Firstpage
495
Lastpage
499
Abstract
The number of samples being analyzed by security vendors is continuously increasing on a daily basis. Therefore, generic automated malware detection tools are needed to detect zero-day threats. Using machine learning techniques, the behavioral patterns obtained can be exploited to classify malware (unknown samples) into families. The variable-length instructions of Intel x86, which can be placed at arbitrary addresses, make it susceptible to obfuscation techniques. Inserting padding bytes at locations that are unreachable at runtime tends to confuse static analyzers into misinterpreting program binaries. Often the code that is actually running is not necessarily the code that the static analyzer analyzed. Such programs use polymorphism and metamorphism techniques and are self-modifying. In this paper, using dynamic analysis of executables and based on mining techniques, Application Programming Interface (API) calls invoked by samples during execution are used as the parameter of experimentation.
Keywords
Classification algorithms
Publisher
ieee
Conference_Titel
Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on
Type
conf
DOI
10.1109/ICGCIoT.2015.7380515
Filename
7380515