In the ongoing war between malware developers and the designers of defense mechanisms, providing an effective defense against the evasion techniques used by malware authors is a great challenge. This paper presents a framework for malware detection based on the analysis of graphs derived from the instructions of executable objects. The graph is constructed by a graph extractor, and a simulated annealing algorithm is then used to approximate the graph similarity measure. The threshold value plays a major role in the support vector machine stage, which confirms the real class of the file: benign or malicious.
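The similarity step described above, as an added example that is not the paper's own code: simulated annealing searches over node mappings between two instruction graphs and scores them by the fraction of edges that line up. The edge-mismatch cost, the cooling schedule, the sample graphs and the `THRESHOLD` value are all assumptions made for illustration, and the graph extractor and SVM stages are not shown.

```python
import math
import random

def mismatch(edges_a, edges_b, perm):
    """Count edges that disagree when node i of graph A maps to perm[i] in B."""
    mapped = {(perm[u], perm[v]) for u, v in edges_a}
    return len(mapped ^ edges_b)

def sa_similarity(graph_a, graph_b, steps=4000, t0=2.0, alpha=0.999, seed=1):
    """Approximate similarity in [0, 1] by annealing over node mappings."""
    (n_a, edges_a), (n_b, edges_b) = graph_a, graph_b
    n = max(n_a, n_b, 2)              # pad the smaller graph with isolated nodes
    rng = random.Random(seed)         # fixed seed: repeatable scores
    perm = list(range(n))
    cost = best = mismatch(edges_a, edges_b, perm)
    temp = t0
    for _ in range(steps):
        i, j = rng.sample(range(n), 2)
        perm[i], perm[j] = perm[j], perm[i]          # propose: swap two targets
        new = mismatch(edges_a, edges_b, perm)
        # Always accept improvements; accept worse moves with Boltzmann probability.
        if new <= cost or rng.random() < math.exp((cost - new) / temp):
            cost = new
            best = min(best, cost)
        else:
            perm[i], perm[j] = perm[j], perm[i]      # reject: undo the swap
        temp *= alpha                                # geometric cooling
    total = len(edges_a) + len(edges_b)
    return 1.0 - best / total if total else 1.0

# Constructed sample graphs: (node count, directed edges between code blocks).
KNOWN = (5, {(0, 1), (1, 2), (2, 3), (3, 1), (3, 4)})
VARIANT = (5, {(2, 0), (0, 4), (4, 1), (1, 0), (1, 3)})  # KNOWN with nodes renumbered
OTHER = (5, {(0, 1), (0, 2), (1, 3), (2, 3), (3, 4), (0, 4)})
THRESHOLD = 0.8  # assumed cut-off; the page does not state its value

if __name__ == "__main__":
    for name, graph in (("VARIANT", VARIANT), ("OTHER", OTHER)):
        score = sa_similarity(KNOWN, graph)
        print(f"{name}: similarity={score:.2f} above_threshold={score >= THRESHOLD}")
```

Because the search is approximate, a renumbered variant is only guaranteed a score of 1.0 if the annealer actually finds the matching node mapping; a graph with a different edge count can never reach 1.0.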