Title :
Role-opcode vs. opcode: The new method in computer malware detection
Author :
Ghezelbigloo, Zahra ; VafaeiJahan, Majid
Author_Institution :
Dept. of Comput. Eng., Imamreza Univ. of Mashhad, Mashhad, Iran
Abstract :
One of the common methods for combating malware is the use of the opcode sequences that exist in the malware's assembly code. In this study, a new method based on the structural classification of opcodes has been used to detect malware, and its efficiency has been investigated in comparison with the opcode method. For this purpose, two different methods are applied for extracting the content-based features of the assembly files. The two approaches were then analyzed on an equal basis using different classifications. The results indicate that the efficiency and the accuracy of the different classifications do not decrease when the structural classification of opcodes is used. Additionally, the number of features, the computational complexity, and the time and memory consumption decrease dramatically.
Keywords :
invasive software; program assemblers; source code (software); assembly code; assembly files; computational complexity; computer malware detection; content-based features; memory consumption; opcodes structural classification; opcodes-sequence; role-opcode; time consumption; Accuracy; Assembly; Computers; Data mining; Feature extraction; Image color analysis; Malware;
Conference_Title :
Technology, Communication and Knowledge (ICTCK), 2014 International Congress on
Conference_Location :
Mashhad
DOI :
10.1109/ICTCK.2014.7033534