2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC) (2014)
Nov. 8, 2014 to Nov. 10, 2014
An opcode behavior based method is proposed to detect malware. Opcode behaviors are represented as opcode sequences from a decompiled executable. To accurately describe the malware behaviors, we construct the opcode running tree to simulate the dynamic execution of a program, and opcode n-grams are extracted to represent the features of an executable. The experimental results show that the opcode behaviors extracted by this method can fully represent the behavior characteristics of an executable. Compared with the detection method based on the opcode distributions, the proposed method has higher overall accuracy and a lower false positive rate.
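The abstract describes two steps: unrolling a program's control flow into an "opcode running tree" and extracting opcode n-grams from it as classifier features. The following block is an added illustration, not code from the paper or its authors. It assumes the executable has already been disassembled into basic blocks of mnemonics with successor edges (a hand-constructed toy graph here), unrolls that graph into a bounded tree (a depth cap and a per-path loop bound are my assumptions, since the page does not say how the paper bounds execution), counts opcode bigrams along every root-to-leaf path, and compares the result with bigrams taken from the flat static listing, the "opcode distribution" style baseline the abstract contrasts against.

```python
from collections import Counter

# Constructed toy disassembly (not from the paper): each basic block maps to
# (opcode mnemonics in static order, successor block names).  Successors are
# listed in [fall-through / jump-target] order; b3 loops back to itself.
BLOCKS = {
    "entry": (["push", "mov", "cmp", "jne"], ["b1", "b2"]),
    "b1":    (["mov", "call", "jmp"],        ["b3"]),
    "b2":    (["xor", "call", "jmp"],        ["b3"]),
    "b3":    (["add", "cmp", "jl"],          ["b3", "exit"]),
    "exit":  (["pop", "ret"],                []),
}
STATIC_ORDER = ["entry", "b1", "b2", "b3", "exit"]


def build_running_tree(blocks, entry, max_depth=4, max_loop=2):
    """Unroll the control-flow graph rooted at `entry` into a finite tree.

    A node is (block_name, [child nodes]).  Two assumed bounds keep the
    tree finite: a block may occur at most `max_loop` times on any
    root-to-node path (bounded loop unrolling), and the tree depth is
    capped at `max_depth` blocks.  Edges that would break a bound are
    simply dropped, so every branch ends in a leaf.
    """
    def expand(name, path, depth):
        if depth > max_depth or path.count(name) >= max_loop:
            return None
        _, succs = blocks[name]
        children = []
        for succ in succs:
            child = expand(succ, path + [name], depth + 1)
            if child is not None:
                children.append(child)
        return (name, children)

    return expand(entry, [], 0)


def opcode_paths(tree, blocks):
    """Yield the opcode sequence of every root-to-leaf path of the tree.

    Each path is one simulated execution trace of the program.
    """
    name, children = tree
    ops = list(blocks[name][0])
    if not children:
        yield ops
        return
    for child in children:
        for rest in opcode_paths(child, blocks):
            yield ops + rest


def ngrams(seq, n):
    """All contiguous n-grams of `seq` as tuples."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def tree_ngram_features(blocks, entry, n=2, **bounds):
    """Opcode n-gram counts accumulated over all paths of the running tree."""
    tree = build_running_tree(blocks, entry, **bounds)
    counts = Counter()
    for path in opcode_paths(tree, blocks):
        counts.update(ngrams(path, n))
    return counts


def flat_ngram_features(blocks, order, n=2):
    """Baseline: n-grams over the static (disassembly-order) opcode listing,
    ignoring control flow entirely."""
    seq = [op for name in order for op in blocks[name][0]]
    return Counter(ngrams(seq, n))


if __name__ == "__main__":
    tree_feats = tree_ngram_features(BLOCKS, "entry")
    flat_feats = flat_ngram_features(BLOCKS, STATIC_ORDER)
    # Bigrams that only exist when control flow is followed: the taken
    # branch "jne -> xor" and the loop back-edge "jl -> add" are present in
    # the tree features but absent from the flat listing, which instead
    # contains the never-executed adjacency "jmp -> xor".
    for bigram in [("jne", "xor"), ("jl", "add"), ("jmp", "xor")]:
        print(bigram, "tree:", tree_feats[bigram], "flat:", flat_feats[bigram])
```

The `Counter` returned by `tree_ngram_features` is the kind of sparse feature vector that would be fed to a classifier such as the SVM named in the paper's keywords; the point of the comparison is that the tree-based counts contain branch-taken and loop-edge adjacencies that a flat opcode distribution cannot see, and omit adjacencies (such as `jmp` followed by `xor`) that never execute. On a real binary the basic blocks and successor edges would come from a disassembler's control-flow recovery rather than being written by hand, and the depth and loop bounds would need tuning, since they directly control how many paths are enumerated.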
Malware, Feature extraction, Support vector machines, Image edge detection, Accuracy, Training, Flow graphs
D. Yuxin, D. Wei, Z. Yibin and X. Chenglong, "Malicious Code Detection Using Opcode Running Tree Representation," 2014 Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), Guangdong, China, 2014, pp. 616-621.