Seongmin Jeong  Hyeonseok Kim  Youngjae Kim  Myungkeun Yoon

10.5626/JOK.2019.46.7.599

Malware detection Static Analysis disassemble N-GRAM feature hashing

With the rapid increase in number of malwares, automatic detection based on machine learning becomes more important. Since the opcode sequence extracted from a malicious executable file is useful feature for malware detection, it is widely used as input data for machine learning through byte-based n-gram processing techniques. This study proposed a V-gram, a new data preprocessing technique for deep learning, which improves existing n-gram methods in terms of processing speed and storage space. V-gram can prevent unnecessary generation of meaningless input data from opcode sequences. It was verified that the V-gram is superior to the conventional n-gram method in terms of processing speed, storage space, and detection accuracy, through experiments conducted by collecting more than 64,000 normal and malicious code files.