Code graph for malware detection

Jeong Kyoochang, Lee Heejo

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    17 Citations (Scopus)

    Abstract

    When an application program is executed for the first time, the results of its execution are not always predictable. Since a host is damaged by malware as soon as the malware is executed, detecting and blocking malware before execution is the most effective means of protection. In contrast to current research into detecting malware based on its behavior while being executed, we propose a new mechanism which can preview the effect of a program on a system. The mechanism we developed represents the distinctions between portable executable binaries. The proposed mechanism analyzes the instructions related to the system-call sequence in a binary executable and presents the result in the form of a topological graph. This topological graph is called the code graph, and the preview system is called the code graph system. We have tested various real application programs with the code graph system and identified distinctive characteristics that can be used to distinguish normal software from malware such as worm code and botnet programs. Our system detected all known malware used in the experiment, and distinguished 67% of unknown malware from normal programs. In this paper, we show how to analyze the effects of executable binaries before their execution and how normal software can be effectively distinguished from malware by applying the code graph.
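The following is an added illustration, not the authors' implementation: a constructed disassembly fragment is reduced to its sequence of imported API calls, the sequence is turned into a directed edge set standing in for the code graph, and that graph is compared by edge overlap against a constructed reference graph of a known worm. The listing format, the API names, the Jaccard measure and the 0.5 threshold are all assumptions made for the sketch.

```python
import re
from typing import Dict, List, Set, Tuple

Edge = Tuple[str, str]

# Constructed disassembly fragment in the style of a Win32 PE listing; only the
# imported API names reached by `call` matter to this sketch.
SAMPLE_LISTING = """
push    6 ; IPPROTO_TCP
call    ds:__imp_socket
call    ds:__imp_connect
mov     esi, eax
call    ds:__imp_recv
call    ds:__imp_CreateFileA
call    ds:__imp_WriteFile
call    ds:__imp_CloseHandle
call    ds:__imp_CreateProcessA
call    ds:__imp_ExitProcess
"""

CALL_RE = re.compile(r"^\s*call\s+ds:__imp_(\w+)", re.MULTILINE)

def call_sequence(listing: str) -> List[str]:
    """Imported API (system-call) names in program order."""
    return CALL_RE.findall(listing)

def build_code_graph(calls: List[str]) -> Set[Edge]:
    """Code graph as a directed edge set: one edge per consecutive call pair."""
    return {(a, b) for a, b in zip(calls, calls[1:])}

def similarity(g1: Set[Edge], g2: Set[Edge]) -> float:
    """Jaccard overlap of two edge sets (0.0 = disjoint, 1.0 = identical)."""
    union = g1 | g2
    return len(g1 & g2) / len(union) if union else 0.0

# Constructed reference graph of a hypothetical "download and execute" worm.
KNOWN_MALWARE: Dict[str, Set[Edge]] = {
    "worm.A": build_code_graph(["socket", "connect", "send", "recv",
                                "CreateFileA", "WriteFile", "CloseHandle",
                                "CreateProcessA"]),
}

def classify(calls: List[str], threshold: float = 0.5) -> Tuple[str, float]:
    """Return (verdict, best score) against every known malware graph."""
    g = build_code_graph(calls)
    name, score = max(((n, similarity(g, ref)) for n, ref in KNOWN_MALWARE.items()),
                      key=lambda t: t[1])
    return (f"malware-like ({name})" if score >= threshold else "benign", score)

if __name__ == "__main__":
    seq = call_sequence(SAMPLE_LISTING)
    print(seq, classify(seq))
```

The sample shares five of nine distinct edges with the reference worm, so it is flagged even though it is not byte-identical, while a file-editor sequence such as CreateFileA, ReadFile, WriteFile, CloseHandle, ExitProcess scores well below the threshold.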

    Original language: English
    Title of host publication: 2008 International Conference on Information Networking, ICOIN
    DOIs
    Publication status: Published - 2008
    Event: 2008 International Conference on Information Networking, ICOIN - Busan, Korea, Republic of
    Duration: 2008 Jan 23 to 2008 Jan 25

    Publication series

    Name: 2008 International Conference on Information Networking, ICOIN

    Other

    Other: 2008 International Conference on Information Networking, ICOIN
    Country/Territory: Korea, Republic of
    City: Busan
    Period: 08/1/23 to 08/1/25

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems
