Title :
Malware detection by token counting
Author :
Poonia, Ajeet Singh ; Singh, Sushil
Author_Institution :
Dept. of Comput. Sci., Coll. of Eng. & Technol. Bikaner, Bikaner, India
Abstract :
Malicious software (or malware) is defined as software that fulfills the harmful intent of an attacker, and it is one of the most pressing and major security threats facing the Internet today. Antivirus companies typically have to deal with thousands of new malware every day. If antivirus software has a large database then there is more chance of false positives and false negatives, so storing the huge database in the virus definition is a very complex task. In this research paper the new concept is that, instead of storing complete signatures of the virus, we can store the various tokens and their frequency in the program. In this process we will use only tokens of executable statements, so there is no problem if dead code is also present in the malware. For the tokens we use two definitions: one is operator and the other is operand. So we can form a new type of malware signature that takes less space in the database and also gives fewer false negatives and false positives. The benefits of using the token concept include: less database storage memory is required; the estimated size of the malicious software can be calculated; the complexity of the malicious program is easy to estimate; and if the malicious program has dead code or repetition of statements, we can still find an accurate signature of the program by using executable statements only. So, by this process we can detect malicious code easily, with less database storage memory and in a more precise way.
Keywords :
Internet; database management systems; invasive software; Internet; antivirus software; database storage memory; dead code; executable statements; malicious program; malicious software; malware detection; malware signature; security threats; token concept; token counting; virus definition; Complexity theory; Computers; Databases; Estimation; Malware; Software; Operand; Operator; Tokens; frequency; malicious code complexity;
Conference_Title :
Contemporary Computing and Informatics (IC3I), 2014 International Conference on
Conference_Location :
Mysore
DOI :
10.1109/IC3I.2014.7019691