Opcodes as Predictor for Malware
Source: Inderscience Enterprises
This paper discusses a detection mechanism for malicious code based on statistical analysis of opcode distributions. A total of 67 malware executables were sampled and statically disassembled, and their opcode frequency distributions were compared with the aggregate statistics of 20 non-malicious samples. The paper finds that malware opcode distributions differ from those of non-malicious software to a statistically significant degree. Furthermore, rare opcodes seem to be a stronger predictor, explaining 12-63% of frequency variation.
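The comparison described above can be sketched as follows; this is an added example, not code from the paper. The abstract does not name the statistical test, so Pearson's chi-square on a 2 x k contingency table with Cramér's V as effect size is an assumption here, as are the function names and the constructed opcode profiles.

```python
import math
from collections import Counter

def opcode_counts(listing):
    """Count mnemonics in a listing with one 'mnemonic operands' per line."""
    counts = Counter()
    for line in listing.splitlines():
        code = line.split(";", 1)[0].strip()   # drop trailing comments
        if code:
            counts[code.split()[0].lower()] += 1
    return counts

def compare(sample, baseline):
    """Chi-square test of homogeneity on the 2 x k table (source x opcode).

    Returns (chi2, dof, cramers_v, per_opcode), where per_opcode maps each
    opcode to its share of chi2, largest first.
    """
    opcodes = sorted(set(sample) | set(baseline))
    rows = [[src.get(op, 0) for op in opcodes] for src in (sample, baseline)]
    row_tot = [sum(r) for r in rows]
    col_tot = [a + b for a, b in zip(*rows)]
    if len(opcodes) < 2 or 0 in row_tot or 0 in col_tot:
        raise ValueError("need two non-empty profiles and at least two opcodes")
    n = sum(row_tot)
    per_opcode = {}
    for j, op in enumerate(opcodes):
        contrib = 0.0
        for i in range(2):
            expected = row_tot[i] * col_tot[j] / n
            contrib += (rows[i][j] - expected) ** 2 / expected
        per_opcode[op] = contrib
    chi2 = sum(per_opcode.values())
    cramers_v = math.sqrt(chi2 / n)   # min(rows-1, cols-1) == 1 for 2 x k
    ranked = dict(sorted(per_opcode.items(), key=lambda kv: -kv[1]))
    return chi2, len(opcodes) - 1, cramers_v, ranked

# Constructed profiles, not measurements from the paper.
GOODWARE = Counter({"mov": 400, "push": 200, "call": 100, "xor": 10})
SUSPECT_LISTING = "mov eax, ebx ; copy\npush eax\nxor eax, eax\nxor ecx, ecx\nCALL 0x401000\n"

if __name__ == "__main__":
    chi2, dof, v, ranked = compare(opcode_counts(SUSPECT_LISTING), GOODWARE)
    print(f"chi2={chi2:.2f} dof={dof} V={v:.3f} top={next(iter(ranked))}")
```

The per-opcode breakdown shows which mnemonics drive the difference; with so few instructions in the constructed listing the expected counts are too small for a valid significance test, so real use needs full disassemblies.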