One technique for improving computer security is to test an executable for the presence of malicious code without running it. This publication describes systems and techniques for machine learning on application-programming-interface-call (API-call) n-grams obtained through static analysis, used to automatically determine whether an executable or shared-library binary file contains indicators of malicious code. The systems and techniques first generate API-call graphs from the file, then generate n-grams from those graphs. A machine-learned model consumes the n-grams to identify malicious code or code that performs unwanted behavior.
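The pipeline sketched above (call graph from static analysis, API-call n-grams from the graph, a fixed-size feature vector for a model) as an added example; this is illustrative code, not the publication's own implementation. The call graph is a constructed toy: each internal function maps to the ordered call targets found in its body, names starting with `sub_` are internal functions, and every other target is treated as an imported API.

```python
import hashlib
from collections import Counter

# Constructed toy output of a static disassembly pass. Each key is an internal
# function; its value is the ordered list of call targets in that function.
# Note the cycle sub_401000 -> sub_402000 -> sub_401000, which must be cut.
CALL_GRAPH = {
    "entry": ["GetModuleHandleA", "sub_401000", "ExitProcess"],
    "sub_401000": ["VirtualAlloc", "sub_402000", "CreateThread"],
    "sub_402000": ["WriteFile", "sub_401000"],
}


def api_call_sequence(graph, root, seen=None):
    """Flatten the call graph under `root` into the ordered API calls reachable
    from it. Internal calls are inlined in place; recursion/cycles are cut by
    tracking the functions already on the current path."""
    if seen is None:
        seen = set()
    if root in seen:  # back edge: do not re-expand a function on this path
        return []
    seen = seen | {root}
    calls = []
    for target in graph.get(root, []):
        if target in graph:  # internal function: splice in its API calls
            calls.extend(api_call_sequence(graph, target, seen))
        else:  # imported API: this is the token the model sees
            calls.append(target)
    return calls


def ngrams(seq, n):
    """Sliding-window n-grams over a sequence; empty when len(seq) < n."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def ngram_features(graph, root="entry", n=2):
    """Counter of API-call n-grams: the sparse feature set for one binary."""
    return Counter(ngrams(api_call_sequence(graph, root), n))


def hashed_vector(features, dim=16):
    """Hashing trick: map each n-gram to a stable bucket (sha256, not Python's
    randomized hash()) so every binary yields a vector of the same length."""
    vec = [0] * dim
    for gram, count in features.items():
        digest = hashlib.sha256("|".join(gram).encode()).hexdigest()
        vec[int(digest, 16) % dim] += count
    return vec


if __name__ == "__main__":
    print(api_call_sequence(CALL_GRAPH, "entry"))
    print(ngram_features(CALL_GRAPH))
    print(hashed_vector(ngram_features(CALL_GRAPH)))
```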

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.