Malware (malicious software) has spread so widely across the world's computers that many antivirus vendors rely on signature-based methods to detect it. However, the update rate of virus signature databases can never catch up with the rate at which new malware variants are created. Using CSS (Crystal Security Sandbox), which monitors the execution of Windows Portable Executable (PE) files and generates a sanitized intermediate result for classifying malware, is an emerging research direction in malware detection. Although the sanitized intermediate result is sufficient to depict the behaviors of malware, it is still a bit too long, too redundant, and too tedious to deal with efficiently. We therefore compress and sieve the sanitized intermediate result to derive brief expressions that are 90% fewer in number, which not only reduces the size of the data but also maintains an accuracy rate above 93% and an error rate below 7%.