Malware Detection Based on Opcode Frequency
Abstract
Malware is a computer program or a piece of software that is designed to penetrate
and damage computers without the owner's permission. There are different malware
types such as viruses, rootkits, keyloggers, worms, trojans, spyware, ransomware,
backdoors, bots, logic bombs, etc. The volume, number of variants, and speed of
propagation of malware are increasing every year. Antivirus companies receive
thousands of malware samples on a daily basis, so detecting malware is a complex
and time-consuming task.
Malware detection means detecting malware using different malware detection
tools such as antivirus software, intrusion detection systems, etc. A malware detection
system checks whether a piece of software has malicious intent or not. There are many
malware detection techniques, such as signature-based, behavior-based and machine
learning-based detection. Signature-based detection systems fail for
new, unknown malware. In behavior-based detection, if the antivirus program
identifies an attempt to change or alter a file or to communicate over the Internet,
it generates an alarm signal, but there is still a chance of false positives. Also,
obfuscation and polymorphism techniques hinder the malware detection
process.
In this research we introduce a method to detect malware using the concept of
opcode frequency in the portable executable file format. This research applied a
machine learning algorithm to find True Positive Rate, Recall, Accuracy, False Positives,
Specificity, False Negatives, True Negative Rate, True Positives, Sensitivity and True
Negatives for malware and achieved a 96.67 per cent success rate.
