Opcodes as predictor for malware (paper)

2007, International Journal of Electronic Security and Digital Forensics. Cited by 300.
Topics: Advanced Malware Detection Techniques; Chaos-based Image/Signal Encryption; Network Security and Intrusion Detection

Abstract

This paper discusses a detection mechanism for malicious code based on statistical analysis of opcode distributions. A total of 67 malware executables were sampled and statically disassembled, and their opcode frequency distributions were compared with the aggregate statistics of 20 non-malicious samples. We find that malware opcode distributions differ in a statistically significant way from those of non-malicious software. Furthermore, rare opcodes appear to be a stronger predictor, explaining 12–63 % of the frequency variation.