Obfuscated Malware Detection Based on Boosting Multilevel Features
提升多维特征检测迷惑恶意代码

To cope with the problem of the low accuracy in detecting obfuscated malware, an algorithm to detect obfuscated malware based on boosting multi-level features is presented. After a disassembly analysis and static analysis for the obfuscated malware, the algorithm extracts features from three dimensions: opcode distribution, a function call graph, and a system call graph, which combines the statistic and semantic features to reflect the behavior characteristic of the malware, and then gives out the decision result based on weighted voting for a different feature analysis. It has been proven by experiment that the algorithms have a much higher accuracy on the testing dataset.