Deakin University
batten-functionlengthasatool-2008.pdf (305.61 kB)

Function length as a tool for malware classification

Download (305.61 kB)
conference contribution
posted on 2008-01-01, 00:00 authored by Ronghua Tian, Lynn BattenLynn Batten, S Versteeg
The proliferation of malware is a serious threat to computer and information systems throughout the world. Antimalware companies are continually challenged to identify and counter new malware as it is released into the wild. In attempts to speed up this identification and response, many researchers have examined ways to efficiently automate classification of malware as it appears in the environment. In this paper, we present a fast, simple and scalable method of classifying Trojans based only on the lengths of their functions. Our results indicate that function length may play a significant role in classifying malware, and, combined with other features, may result in a fast, inexpensive and scalable method of malware classification.



69 - 76


Alexandria, Va.

Open access

  • Yes

Start date


End date







This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Publication classification

E1 Full written paper - refereed

Copyright notice

2008, IEEE

Title of proceedings

Proceedings of the 3rd International Conference on Malicious and Unwanted Software : MALWARE 2008