With the advent of internet-based technology, there has been a surge in internet-enabled devices. These devices generate massive volumes of meaningful information to accomplish several tasks. Conversely, cyber-criminals leverage this information to perform cyber-attacks. Malware is one of the most prevalent attacks in the cyber threat landscape to fulfil malicious intents of cyber-criminals. Thus, it becomes imperative to detect and prevent these malware attacks precisely to minimize the damage. A number of researchers have proved that API calls can comprehend malware behaviour accurately and can be utilized with machine learning algorithms to effectively detect malware. Therefore, this paper proposes a novel malware detection method for Windows platform based on API calls, feature selection, and machine learning algorithms. It extracts API calls information in three forms: API calls usage, API calls frequency, and API calls sequences to create three feature sets. These feature sets are enriched using TF-IDF technique and combined to create a more extensive and robust feature set, API integrated feature set. A series of experiments were conducted and results showed that API integrated feature set outperformed other feature sets by attaining 99.6% and higher accuracy for all machine learning algorithms. To address the high-dimensionality concern of API integrated feature set, this work applied several feature selection techniques and results showed that we are able to achieve 99.6–99.9% accuracy with only 9% features of API integrated feature set using hybrid feature selection and machine learning algorithms.
