Morphed virus family classification based on opcodes statistical feature using decision tree

Abstract

Morphing engines in metamorphic and polymorphic malware, together with virus creation kits, help malware authors produce a large number of variants of a virus. These variants belong to one family and share common behavioral characteristics and some statistical characteristics. However, they are not detectable via a single common string signature. Several statistical analyses have been tested in recent years to combat this type of multi-variant malware family. In this research, we introduce and examine a classifier based on opcode statistics, built using a decision tree. The method is very simple to implement. Our experimental results show that executable files from different malware families can be classified by their opcode statistical features with a high degree of reliability. © 2011 Springer-Verlag.

Cite

Bashari Rad, B., Masrom, M., Ibrahim, S., & Ibrahim, S. (2011). Morphed virus family classification based on opcodes statistical feature using decision tree. In Communications in Computer and Information Science (Vol. 251 CCIS, pp. 123–131). https://doi.org/10.1007/978-3-642-25327-0_11
