Title :
Malicious Code Detection Using Opcode Running Tree Representation
Author :
Ding Yuxin ; Dai Wei ; Zhang Yibin ; Xue Chenglong
Author_Institution :
Shenzhen Grad. Sch., Dept. of Comput. Sci., Harbin Inst. of Technol., Shenzhen, China
Abstract :
An opcode-behavior-based method is proposed to detect malware. Opcode behaviors are represented as opcode sequences obtained from a decompiled executable. To describe malware behaviors accurately, we construct an opcode running tree that simulates the dynamic execution of a program, and opcode n-grams are extracted from it to represent the features of an executable. The experimental results show that the opcode behaviors extracted by this method can fully represent the behavior characteristics of an executable. Compared with the detection method based on opcode distributions, the proposed method has higher overall accuracy and a lower false positive rate.
Keywords :
invasive software; trees (mathematics); dynamic program execution; executable decompilation; malicious code detection; malware detection; opcode behavior based method; opcode n-gram extraction; opcode running tree representation; opcode sequences; Accuracy; Feature extraction; Flow graphs; Image edge detection; Malware; Support vector machines; Training; opcode behavior; malware detection; control flow; machine learning; security;
Conference_Titel :
P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on
Conference_Location :
Guangdong
DOI :
10.1109/3PGCIC.2014.140