Statistical Analysis Between Malware and Benign Based on IA-32 Instruction

Malicious software is one of the serious threats in the information society. A natural result of evolved malicious software, techniques for detecting malicious software are also in progress. Based on statistical data about existing malicious software is most important to detect new malicious software. Studies which statistical malicious software analysis so far have mainly focused only opcode which a part of whole instruction. This paper analyses the statistical data which considers whole instruction, not only opcode but also 5 types of operands. We find out that major of instruction both benign and malicious software are related function call, and it can not be a good predictor for detecting malicious software. But, when the benign’s instruction frequency gets smaller, the relation between rare instruction malicious software classes multiplies. Also, this paper discovers some instructions which are only used in malicious software.