Authors - Omar N. Elayan, Qussai M. Yaseen, Ahmed S. Shatnawi Abstract - This paper proposes a machine-learning model using static and dynamic features to identify Windows malware. The paper uses a new dataset of 12158 Portable Executable PE files for the Windows operating system, 5936 malicious files belonging to nine malware families, and 6,222 benign files. The main features of the files were extracted based on Application Programming Interface (API) by three main known methods: Static using Python, Dynamic by Cuckoo Sandbox, and finally, Hybrid by combining them to check which way is more effective and accurate in detecting malicious files. The proposed model performs binary and multi-class classification to classify malicious files into nine types. The experiments show that Extra-Trees outperformed other classifiers, achieving an accuracy of 100% in binary classification and 97% in multiclass classification.
