Sequential opcode embedding-based malware detection method

In recent years, researchers have focused on uncovering the distinctive malicious patterns of malware samples through opcode sequences using some feature learning methods to improve the accuracy of malware detection mechanisms. However, opcode sequences are often very long. Thus, the feature learning process is to be time-consuming when using the entire sequence or could be ineffective when only a partial part of the sequence is used. In this work, we propose a new malware detection approach, called Sequential Opcode Embedding-based Malware Detection (SOEMD), which aims at capturing common malicious patterns in sequential opcodes. To avoid dealing with the long opcode sequences, SOEMD uses Random walk approach with edge and node selection processes. The proposed method constructs a new vector space that consists of low-dimensional sequential opcode embeddings using an embedding method. Experimental results demonstrate that SOEMD outperforms the baseline methods and provides 100% malware detection. [Display omitted] •A new static analysis-based malware detection method.•Representation learning for malware executables.•Extraction of short opcode sequences using a graph sampling approach.•Construction of new sequential feature space for malware executables.