Systems and methods for intelligent phishing threat detection and phishing threat remediation in a cyber security threat detection and mitigation platform
US-2024414198-A1 · Dec 12, 2024 · US
US2020344261A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2020344261-A1 |
| Application number | US-201916515723-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 18, 2019 |
| Priority date | Apr 25, 2019 |
| Publication date | Oct 29, 2020 |
| Grant date | — |
Official abstract text for this publication.
Provided is a method of application malware detection based on dynamic Application Programming Interface (API) extraction, and a readable medium and an apparatus for performing the same. The method of application malware detection based on dynamic API extraction includes generating an API classifier which classifies an input API as malicious or benign using API used in a sample application classified as malicious application apps or benign application apps, and inputting a pre-stored target API into the API classifier to classify the target API as malicious or benign.
Opening claim text (preview).
What is claimed is:

1. A malware detection method of a malware detection apparatus based on dynamic Application Programming Interface (API) extraction, the method comprising: extracting an API from a sample application which is classified as malicious application apps or benign application apps, and generating an API list; extracting the API from the API list according to a frequency of occurrence of each API included in the API list in the malicious application apps or the benign application apps, and generating a training dataset; learning a machine learning algorithm with the training dataset and generating an API classifier which classifies an input API as malicious or benign; and inputting a pre-stored target API into the API classifier to classify the target API as malicious or benign.

2. The malware detection method of claim 1, wherein the step of the extracting the API from the API list according to the frequency of occurrence of each API included in the API list in the malicious application apps or the benign application apps and generating the training dataset comprises: measuring the frequency of occurrence of each API included in the API list in the malicious application apps or the benign application apps in reply to whether the sample application from which each API included in the API list is extracted is classified as the malicious application apps or the benign application apps, respectively; calculating a Mutual Information (MI) value between the frequency of occurrence of each API included in the API list in the malicious application apps and the frequency of occurrence in the benign application apps; and extracting the API that constitutes the training dataset from the API list on the basis of the MI value of each API included in the API list.

3. The malware detection method of claim 1, further comprising: accessing a reference site of an Android application, and collecting feature information including a package name, a class name, an API name, and description for each API provided at the site; and storing the feature information for each API in a hierarchy to build an API database.

4. The malware detection method of claim 3, wherein the step of the extracting the API from the API list according to the frequency of occurrence of each API included in the API list in the malicious application apps or the benign application apps and generating the training dataset comprises: labeling the API extracted from the API list as malicious or benign; acquiring, from the API database, the feature information corresponding to the API extracted from the API list; and generating the training dataset including the malicious or benign label and the feature information for each API extracted from the API list.

5. The malware detection method of claim 4, wherein the step of the inputting the pre-stored target API into the API classifier to classify the target API as malicious or benign comprises: acquiring the feature information corresponding to the target API from the API database; and inputting the feature information corresponding to the target API into the API classifier to classify as malicious or benign.

6. A non-transitory computer-readable recording medium having recorded thereon a computer program for performing the method of application malware detection based on dynamic Application Programming Interface (API) extraction according to claim 1.

7. An apparatus for malware detection application based on dynamic Application Programming Interface (API) extraction, the apparatus comprising: a processor and a memory; an API extraction unit which extracts an API used in a sample application classified as malicious application apps or benign application apps and generates an API list; a training dataset generation unit which extracts the API from the API list according to a frequency of occurrence of each API included in the API list in the malicious application apps or the benign application apps and generates a training dataset; and an API classifying unit which generates an API classifier that learns a machine learning algorithm with the training dataset and classifies an input API as malicious or benign, and inputs a pre-stored target API into the API classifier to classify the target API as malicious or benign.

8. The apparatus for malware detection application based on dynamic API extraction according to claim 7, wherein the training dataset generation unit comprises: an API counter unit which measures the frequency of occurrence of each API included in the API list in the malicious application apps or the benign application apps in reply to whether the sample application from which each API included in the API list is extracted is classified as the malicious application apps or the benign application apps, respectively; and a Mutual Information (MI) vector generation unit which calculates an MI value between the frequency of occurrence of each API included in the API list in the malicious application apps and the frequency of occurrence in the benign application apps, and extracts the API that constitutes the training dataset from the API list on the basis of the MI value of each API included in the API list.

9. The apparatus for malware detection application based on dynamic API extraction according to claim 7, further comprising: an API metadata collection unit which accesses a reference site of an Android application, collects feature information including a package name, a class name, an API name and description for each API provided at the site, and stores the feature information for each API in a hierarchy to build an API database.

10. The apparatus for malware detection application based on dynamic API extraction according to claim 9, wherein the API classifying unit acquires the feature information corresponding to the target API from the API database, and inputs the feature information corresponding to the target API into the API classifier to classify as malicious or benign.
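The selection step of claims 2 and 8 (per-class frequency counting, then MI ranking), sketched as an added example that is not code from the patent or its applicants. It assumes one common reading of the claim, MI between an API's presence in an app and the app's class label; the labelling rule, the function names and the sample apps are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample apps: (label, APIs seen at run time). Not real data.
SAMPLES = [
    ("malicious", {"sendTextMessage", "getDeviceId", "openConnection"}),
    ("malicious", {"sendTextMessage", "getDeviceId"}),
    ("malicious", {"sendTextMessage", "openConnection", "exec"}),
    ("benign", {"openConnection", "setContentView"}),
    ("benign", {"setContentView", "getDeviceId"}),
    ("benign", {"openConnection", "setContentView"}),
]

def api_counts(samples):
    """Count, per class, the apps in which each API occurs."""
    counts, totals = {"malicious": Counter(), "benign": Counter()}, Counter()
    for label, apis in samples:
        totals[label] += 1
        counts[label].update(apis)
    return counts, totals

def mutual_information(n_mal, n_ben, total_mal, total_ben):
    """MI in bits between 'API present in app' and the app's class."""
    n = total_mal + total_ben
    p_x = {1: (n_mal + n_ben) / n, 0: 1 - (n_mal + n_ben) / n}
    p_c = {"m": total_mal / n, "b": total_ben / n}
    joint = {(1, "m"): n_mal, (0, "m"): total_mal - n_mal,
             (1, "b"): n_ben, (0, "b"): total_ben - n_ben}
    mi = 0.0
    for (x, c), k in joint.items():
        if k:  # empty cells contribute 0 (0 * log 0 := 0)
            mi += (k / n) * math.log2((k / n) / (p_x[x] * p_c[c]))
    return mi

def select_apis(samples, top_k):
    """Return the top_k (mi, api, label) tuples, highest MI first."""
    counts, totals = api_counts(samples)
    t_mal, t_ben = totals["malicious"], totals["benign"]
    scored = []
    for api in set(counts["malicious"]) | set(counts["benign"]):
        m, b = counts["malicious"][api], counts["benign"][api]
        # Assumed labelling rule: the class where the API is relatively more frequent.
        label = "malicious" if m / t_mal > b / t_ben else "benign"
        scored.append((mutual_information(m, b, t_mal, t_ben), api, label))
    return sorted(scored, key=lambda s: (-s[0], s[1]))[:top_k]

if __name__ == "__main__":
    for mi, api, label in select_apis(SAMPLES, 3):
        print(f"{api:18s} {label:9s} MI={mi:.3f}")
```

An API that occurs equally often in both classes (here `openConnection`) scores zero and is dropped from the training dataset, however frequent it is overall.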
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title
Machine learning · CPC title
Tree-organised classifiers · CPC title
characterised by the incorporation of unlabelled data, e.g. multiple instance learning [MIL], semi-supervised techniques using expectation-maximisation [EM] or naïve labelling · CPC title
Generating training patterns; Bootstrap methods, e.g. bagging or boosting · CPC title