Detecting malware based on opcode n-gram and machine learning

Abstract

Because of the serious damage it causes to computers and networks, malware (short for malicious software) has held the attention of both anti-malware companies and researchers for decades. Although signature-based detection is the most significant method used in commercial anti-malware products, it fails to recognize new and unseen malware. To solve this problem, n-grams of the opcodes, generated by disassembling the executables, are used as the features for the classification process. However, many past studies set n to a small value such as 1 or 2. In this paper, we first use various n-gram sizes from 1 to 15. Then we compare different feature selection methods. Lastly, we perform experiments with different values of MFP, short for malicious files percentage, to demonstrate which setting is better.

Li, P., Chen, Z., & Cui, B. (2018). Detecting malware based on opcode n-gram and machine learning. In Lecture Notes on Data Engineering and Communications Technologies (Vol. 13, pp. 99–110). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-319-69835-9_9
