21st AIAI 2025, 26 - 29 June 2025, Limassol, Cyprus

Malware Detection through API Call Frequency: Assessing Early-Stage versus Full-Time Classification Potential

Ali DAD NESHAT, Lago Fernandez Luis, Rodriguez Francisco

Abstract:

The rapid evolution of malware presents a growing cybersecurity challenge, necessitating advanced detection and classification techniques. This research explores the API call frequency approach for classifying five malware families: Banker, Ransomware, Trojan PSW, Backdoor, and Downloader. Our study focuses on two key perspectives: Total time analysis and early-stage classification within the first ten seconds of malware execution. We employ discrete accumulated and individual time analysis to assess the potential of early-stage malware classification. We performed binary classification, distinguishing each malware family from the others. Among the tested models, Random Forest achieved the best performance, with accuracy ranging from 91.3% to 99.4% across the five malware families. Notably, the early-stage classification using accumulated analysis within 5–10 seconds closely aligns with results from total execution time analysis and demonstrates the feasibility of early malware classification.
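The abstract describes three feature views of one sandbox trace: total-time API call frequencies, per-window ("individual") frequencies, and cumulative ("accumulated") frequencies over the first ten seconds, plus one-vs-rest labelling of each family against the others. The following is an added example (not code from the paper or its authors) that builds those feature vectors from a constructed trace; the trace format (timestamp in seconds, API name), the window size, and the small API vocabulary are assumptions chosen for illustration, and the resulting vectors are what one would feed to a classifier such as the Random Forest the abstract mentions.

```python
from collections import Counter

# Constructed sample trace: (timestamp_seconds, api_name) pairs from one sandbox run.
# The format is an assumption for this example, not the paper's data layout.
SAMPLE_TRACE = [
    (0.2, "CreateFileW"), (0.5, "WriteFile"), (1.1, "RegOpenKeyExW"),
    (2.4, "CreateFileW"), (3.0, "CryptEncrypt"), (4.7, "WriteFile"),
    (6.2, "CryptEncrypt"), (7.9, "DeleteFileW"), (9.5, "CreateFileW"),
    (12.0, "InternetOpenA"),  # after the 10 s early-stage horizon
]

# Assumed fixed vocabulary so every vector has the same column order.
API_VOCAB = ["CreateFileW", "WriteFile", "RegOpenKeyExW",
             "CryptEncrypt", "DeleteFileW", "InternetOpenA"]


def frequency_vector(trace, vocab=API_VOCAB):
    """Total-time view: one count per vocabulary API over the whole trace."""
    counts = Counter(api for _, api in trace)
    return [counts.get(api, 0) for api in vocab]


def individual_windows(trace, window=1.0, horizon=10.0, vocab=API_VOCAB):
    """Discrete individual analysis: a separate frequency vector for each
    window [k*window, (k+1)*window) inside the horizon; calls after the
    horizon are ignored, so late behaviour never leaks into early features."""
    n_windows = int(horizon / window)
    buckets = [[] for _ in range(n_windows)]
    for t, api in trace:
        if 0 <= t < horizon:
            buckets[int(t // window)].append((t, api))
    return [frequency_vector(b, vocab) for b in buckets]


def accumulated_windows(trace, window=1.0, horizon=10.0, vocab=API_VOCAB):
    """Accumulated analysis: vector k counts everything seen in [0, (k+1)*window),
    i.e. a running sum of the individual windows."""
    running = [0] * len(vocab)
    acc = []
    for vec in individual_windows(trace, window, horizon, vocab):
        running = [a + b for a, b in zip(running, vec)]
        acc.append(list(running))
    return acc


def one_vs_rest_labels(families, target):
    """Binary labels for 'target family vs all others', as in the abstract."""
    return [1 if fam == target else 0 for fam in families]


if __name__ == "__main__":
    print("total-time:", frequency_vector(SAMPLE_TRACE))
    # Two 5 s windows: the second accumulated vector is the 0-10 s early-stage view.
    print("individual 5s:", individual_windows(SAMPLE_TRACE, window=5.0))
    print("accumulated 5s:", accumulated_windows(SAMPLE_TRACE, window=5.0))
    print("labels:", one_vs_rest_labels(
        ["Banker", "Ransomware", "Trojan PSW", "Backdoor", "Downloader"],
        "Ransomware"))
```

The accumulated vectors are a prefix-sum of the individual ones, which is why the abstract can compare the 5–10 s accumulated window directly with the total-time vector: the two converge as the horizon grows, and the gap between them is exactly the behaviour the sample exhibits after the cut-off.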

*** Title, author list and abstract as submitted during Camera-Ready version delivery. Small changes that may have occurred during processing by Springer may not appear in this window.