TY  - EJOU
AU  - Liang, Jinhuo 
AU  - Shen, Jinan 
AU  - Wang, Pengfei 
AU  - Liang, Fang 
AU  - Deng, Xuejian 

TI  - Dynamic Malware Detection Method Based on API Multiple Subsequences
T2  - Computers, Materials \& Continua

PY  - 2026
VL  - 87
IS  - 1
SN  - 1546-2226

AB  - The method for malware detection based on Application Programming Interface (API) call sequences, as a primary research focus within dynamic detection technologies, currently lacks attention to subsequences of API calls, the variety of API call types, and the length of sequences. This oversight leads to overly complex call sequences. To address this issue, a dynamic malware detection approach based on multiple subsequences is proposed. Initially, APIs are remapped and encoded, with the introduction of percentile lengths to process sequences. Subsequently, a combination of One-Dimensional Convolutional Neural Network (1D-CNN) and Bidirectional Long Short-Term Memory (Bi-LSTM) networks, along with an attention mechanism, is employed to extract features from subsequences of varying lengths for feature fusion and classification. Experiments conducted on two widely used public API-based datasets, namely MalBehavD-V1 and Alibaba Cloud, demonstrate that the proposed method reduces the number of API call types by approximately 20% compared to representative deep learning–based API sequence detection methods, while achieving a peak accuracy of 98.70%. Additionally, experimental results indicate that sequence length at the 95th percentile represents the optimal solution that balances classification performance and computational efficiency.
KW  - Malware detection; API call types; percentile; deep learning

DO  - 10.32604/cmc.2025.073076