@MISC{Bilar_opcodesas, author = {Daniel Bilar}, title = {Opcodes as predictor for malware}, year = {} }
Abstract
This paper discusses a detection mechanism for malicious code through statistical analysis of opcode distributions. A total of 67 malware executables were sampled, statically disassembled, and their statistical opcode frequency distribution compared with the aggregate statistics of 20 non-malicious samples. We find that malware opcode distributions differ statistically significantly from non-malicious software. Furthermore, rare opcodes seem to be a stronger predictor, explaining 12–63% of frequency variation.