A new method for malware detection using opcode visualization

Abstract

Malware is a program that is developed with malicious purpose, such as sabotage the computer system, information theft or other malicious actions. Various methods have been defined for detecting and classifying malware. This paper proposes a new malware detection method based on the opcodes within an executable file by using image processing techniques. In opcode level, the proposed method shows promising results with less complexity in comparison with previous studies. There are several steps in the proposed method, which includes generating a graph of operational codes (opcodes) from an executable file and converting this graph to an image and then using “GIST” method in order to extract features from each image. In the final step machine learning methods such as Support Vector Machine (SVM), K-Nearest Neighbor (KNN), Ensemble are used for classification.