
generic detection !! useful information in 1 pdf file


Jin K
April 17th, 2009, 04:53 PM
Talking about generic detection, behavior detection and other topics...
http://research.iiit.ac.in/~pankaj_kohli/pub/malw-acisp08.pdf
:thumb:

vijayind
April 18th, 2009, 03:50 AM
Interesting approach. But they have used legacy malware families to prove their efficiency.

If, in future, there are changes in malware structure, this method may become ineffective.
Plus, the whole idea of using API call structure to create signatures can/will lead to multitudes of FPs.
Assembly-written viruses have existed for a long time. I remember studying an ASM-based virus example in college. I am sure the same is equally possible today. I am not an AV expert, but I think many rootkits use assembly language to infiltrate without suspicion. So their approach of mapping critical Win API calls may not detect rootkits and other assembly malware.

This is what I could assimilate at first glance. I am sure people like IC, Eraser, etc. would be able to comment on this paper much better than me.