Metamorphic Malware Detection using Control Flow Graph Mining

Metamorphic malware propagation has persuaded the security society to consider about new approaches to confront this generation of malware with novel solutions. Control Flow Graph, CFG, has been successful in detection of simple malwares. By now, it needs to improve the CFG based detection methods to detect metamorphic malwares efficiently. Our Approach has improved the simple CFG with beneficial information by assuming called APIs on the CFG. Converting the resulted sparse graph to a vector to decrease the complexity of graph mining algorithms, a specific feature selection is utilized and different classification approaches has been qualified. The experimental results show the contribution of this approach in both accuracy and false detection rate measurements in comparison with the other simple graph modifications. Among different classifiers on our approach the best results were attained by random forest. On the computation complexity side also this work has decreased the elaboration regarding to the simple feature selection conducted before decision making.