Static Signature-Based Malware Detection Using Opcode and Binary Information

Abstract

Internet continues to evolve and touches every aspect of our daily life thus communications through internet is becoming inevitable. Computer security has been hence becoming one of the important concerns of internet users. Malware, a malicious software, is a harmful code that poses security thread for infected machines, thus malware detection has become one of the most important research topics in computer security. Malware detection methods can be categorized into signature-based, and behavior-based methods; each of which can be performed in a dynamical or static behavior. In this paper, we describe a static signature-based malware detection method based on opcode and binary file signatures. The proposed method is based on N-gram distribution and is improved using a proposed Top K approach which suggests selecting top most similar k files in classification of a new unknown file. The results are evaluated on VXheaven malware binaries, and windows system files are used as a repository of benign binaries.