Malware Detection Based on Opcode Dynamic Analysis

Abstract

Malware detection is an important problem in the field of information security. Opcodes are the most direct information reflecting the execution behavior of malware, The malware based on the dynamic analysis of opcodes also faces some challenges: the acquisition of the operating code information in the execution process of the malware; the high false alarm rate in the detection process and the large system overhead caused by the malware detection in the application layer. In order to deal with the above problems, this paper proposes a new scheme for dynamic opcode acquisition, the opcode information obtained from the software runtime is used for offline analysis. The detection accuracy of off-line malware can reach 99.85%, which is superior to the traditional technology. Moreover, this paper proposes an online detection scheme: CPU built-in malware monitoring model (CBMM), which can solve the problem that it is difficult to accurately identify the execution trajectory of malware in the current malware detection process, at the same time, this model can monitor malware in real time. Finally, we implement our model by VerilogHDL, functional simulation was carried out in modelsim simulation software and its implementation cost was analyzed.