The invention discloses a dynamic malicious software detection method based on a virtual machine and sensitive Native application programming interface (API) calling perception. The method consists of three parts, namely a Xen secondary development-based analysis and detection environment, a monitoring control program, and a training learning and detection program of a malicious software classifier. A detection model is divided into a training stage and a detection stage, wherein the training stage comprises the following steps of: executing a sample set file in a clean analysis environment for fixed length time, acquiring Native API calling frequencies of process behavior, privilege behavior, memory behavior, registry behavior, file behavior and network behavior of the sample set file, and training the classifier by using the data; and the detection stage comprises the following steps of: executing files to be checked, counting the Native API calling frequencies of six sensitive behaviors in the fixed length time, and classifying the detected files by using the trained classifier to obtain classification results which are malicious software or normal files. The method is still effective for the malicious software with anti-virtual, anti-debugging and anti-tracking capabilities.