The proliferation of malware has been causing great harm to computer and information systems. Traditional signature-based approaches fail to detect obfuscated malware and unknown malware. We present a preliminary study of malware detection by compression-based classification of program instructions. Code structure information is used in the compression. The disassembled code is converted to its intermediate representation. We extract the opcodes to form the input stream for prediction by partial matching (PPM). The binaries are classified with this statistical compression algorithm. The preliminary experiment shows that our method can efficiently detect malware with high accuracy and a low false positive rate.
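A minimal sketch of the classification step described above, as an added example that is not the authors' implementation: one PPM-style model is trained per class on opcode streams, and an unknown stream is assigned to the class whose model encodes it in the fewest bits. The model order, escape method C without exclusions, the 256-symbol fallback alphabet, and the toy opcode streams are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

class OpcodePPM:
    """Order-k PPM-style model over opcode symbols (escape method C, no exclusions)."""
    def __init__(self, order=2, alphabet_size=256):
        self.order = order
        self.alphabet_size = alphabet_size  # assumed bound for the uniform fallback
        self.ctx = [defaultdict(Counter) for _ in range(order + 1)]

    def train(self, opcodes):
        # Count each symbol under every context length 0..order that precedes it.
        for i, sym in enumerate(opcodes):
            for k in range(min(self.order, i) + 1):
                self.ctx[k][tuple(opcodes[i - k:i])][sym] += 1

    def _prob(self, history, sym):
        p_escape = 1.0
        # Try the longest context first, escaping to shorter ones on a miss.
        for k in range(min(self.order, len(history)), -1, -1):
            counts = self.ctx[k].get(tuple(history[len(history) - k:]))
            if not counts:
                continue  # context never seen: back off at no cost
            total, distinct = sum(counts.values()), len(counts)
            if sym in counts:
                return p_escape * counts[sym] / (total + distinct)
            p_escape *= distinct / (total + distinct)
        return p_escape / self.alphabet_size  # uniform over the assumed alphabet

    def code_length(self, opcodes):
        """Bits an ideal arithmetic coder would spend on the stream under this model."""
        return -sum(math.log2(self._prob(opcodes[max(0, i - self.order):i], s))
                    for i, s in enumerate(opcodes))

def classify(stream, models):
    """Return the label of the model that compresses the stream best."""
    return min(models, key=lambda label: models[label].code_length(stream))

# Constructed toy opcode streams, not taken from real binaries.
BENIGN_TRAIN = "push mov sub mov call add pop ret".split() * 20
MALICIOUS_TRAIN = "xor mov xor inc loop jmp call pop xor".split() * 20

def train_models(order=2):
    models = {"benign": OpcodePPM(order), "malicious": OpcodePPM(order)}
    models["benign"].train(BENIGN_TRAIN)
    models["malicious"].train(MALICIOUS_TRAIN)
    return models

if __name__ == "__main__":
    models = train_models()
    unknown = "xor mov xor inc loop jmp push xor inc loop".split() * 3
    for label, model in models.items():
        print(label, round(model.code_length(unknown), 1), "bits")
    print("verdict:", classify(unknown, models))
```

A production classifier would replace the toy streams with opcodes extracted from a labelled corpus and would tune the order and decision threshold on held-out data.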