2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC) (2014)
Guangdong, China
Nov. 8, 2014 to Nov. 10, 2014
ISBN: 978-1-4799-4171-1
pp: 616-621
ABSTRACT
An opcode behavior based method is proposed to detect malware. Opcode behaviors are represented as opcode sequences from a decompiled executable. To accurately describe the malware behaviors, we construct the opcode running tree to simulate the dynamic execution of a program, and opcode n-grams are extracted to represent the features of an executable. The experimental results show that the opcode behaviors extracted by this method can fully represent the behavior characteristics of an executable. Compared with the detection method based on the opcode distributions, the proposed method has higher overall accuracy and a lower false positive rate.
INDEX TERMS
Malware, Feature extraction, Support vector machines, Image edge detection, Accuracy, Training, Flow graphs
CITATION

D. Yuxin, D. Wei, Z. Yibin and X. Chenglong, "Malicious Code Detection Using Opcode Running Tree Representation," 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Guangdong, China, 2014, pp. 616-621.
doi:10.1109/3PGCIC.2014.140