A Toolkit for Detecting and Analyzing Malicious Software
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
The Art of Computer Virus Research and Defense
The Art of Computer Virus Research and Defense
Software obfuscation from crackers' viewpoint
ACST'06 Proceedings of the 2nd IASTED international conference on Advances in computer science and technology
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
International Journal of Bioinformatics Research and Applications
Callgraph properties of executables
AI Communications - Network Analysis in Natural Sciences and Engineering
Network–Level polymorphic shellcode detection using emulation
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
A fast static analysis approach to detect exploit code inside network flows
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
The church-turing thesis: breaking the myth
CiE'05 Proceedings of the First international conference on Computability in Europe: new Computational Paradigms
Reliable identification of bounded-length viruses is NP-complete
IEEE Transactions on Information Theory
Information Security Tech. Report
Neural network approach to locating cryptography in object code
ETFA'09 Proceedings of the 14th IEEE international conference on Emerging technologies & factory automation
Improved call graph comparison using simulated annealing
Proceedings of the 2011 ACM Symposium on Applied Computing
Malware classification based on call graph clustering
Journal in Computer Virology
Idea: opcode-sequence-based malware detection
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Improving malware classification: bridging the static/dynamic gap
Proceedings of the 5th ACM workshop on Security and artificial intelligence
Malware classification method via binary content comparison
Proceedings of the 2012 ACM Research in Applied Computation Symposium
A comparative study of malware family classification
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Opcode sequences as representation of executables for data-mining-based unknown malware detection
Information Sciences: an International Journal
Rendezvous: a search engine for binary code
Proceedings of the 10th Working Conference on Mining Software Repositories
Simple substitution distance and metamorphic detection
Journal in Computer Virology
Detecting machine-morphed malware variants via engine attribution
Journal in Computer Virology
Malware analysis method using visualization of binary files
Proceedings of the 2013 Research in Adaptive and Convergent Systems
Android malware classification method: Dalvik bytecode frequency analysis
Proceedings of the 2013 Research in Adaptive and Convergent Systems
Simseer and bugwise: web services for binary-level software similarity and defect detection
AusPDC '13 Proceedings of the Eleventh Australasian Symposium on Parallel and Distributed Computing - Volume 140
| Hi-index | 0.00 |
This paper discusses a detection mechanism for malicious code through statistical analysis of opcode distributions. A total of 67 malware executables were sampled statically disassembled and their statistical opcode frequency distribution compared with the aggregate statistics of 20 non-malicious samples. We find that malware opcode distributions differ statistically significantly from non-malicious software. Furthermore, rare opcodes seem to be a stronger predictor, explaining 12 63% of frequency variation.