Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
456434 | Computers & Security | 2014 | 10 Pages |
Opcode sequences from decompiled executables have been employed to detect malware. Currently, opcode sequences are extracted using text-based methods, and the limitation of this method is that the extracted opcode sequences cannot represent the true behaviors of an executable. To solve this issue, we present a control flow-based method to extract executable opcode behaviors. The behaviors extracted by this method can fully represent the behavior characteristics of an executable. To verify the efficiency of control flow-based behaviors, we perform a comparative study of the two types of opcode behavior analysis methods. The experimental results indicate that the proposed control flow-based method has a higher overall accuracy and a lower false positive rate.