Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation

Control flow graphs (CFG) and OpCodes extracted from disassembled executable files are widely used for malware detection. Most of the research in static analysis is focused on binary class malware detection which only classifies an executable as benign or malware. To overcome this issue, CFG based multiclass malware detection system that automatically classifies the malware into their respective families is proposed. The use Bi-normal separation (BNS) as a feature scoring metric. Experimental results show that proposed method using BNS outperforms compared to hitherto use technique of document Frequency for multiclass metamorphic malware detection and achieves detection accuracy of 99.5 per cent.