Malware Detection Approaches Based on Operation Codes (OpCodes) of Executable Programs: A Review

Mohammed A. Saleh

Abstract


Malicious software, or malware for short, poses a threat to computer systems and must be analyzed, detected, and eliminated. Malware is generally analyzed in two ways: dynamic analysis and static analysis. The former collects its feature dataset while the malware is running, from API calls, registry activity, file activity, process activity, and network activity. The latter collects its feature dataset before and without running the malware, from operation codes (OpCodes) and text-based (bytecode) features. Several earlier surveys have reviewed malware detection approaches from various perspectives, but none has reviewed the approaches that rely solely on malware OpCodes. This paper therefore reviews malware detection approaches based on OpCodes. The review explores, describes, and compares the existing approaches that detect malware from their OpCodes alone, and concludes with a comprehensive comparative overview of them.
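The static, opcode-based pipeline that the abstract contrasts with dynamic analysis, as an added example (it is not code from the paper or from any of the surveyed works): it takes objdump-style disassembly, keeps only the instruction mnemonics (what the surveyed papers call opcodes), builds opcode n-gram frequency vectors, and labels an unseen sample by cosine similarity to per-class profiles. The disassembly listings, the two-class profiles, and the MIN_OPCODES guard against packed samples are all constructed assumptions made for the demonstration, not data from the review.

```python
"""Opcode n-gram profiling for static malware classification.
Added illustration for this review page, not code from the paper or the works it
surveys. The disassembly listings below are constructed by hand and are not real malware.
"""
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

NGRAM = 2        # n-gram length used for both the class profiles and queries
MIN_OPCODES = 5  # assumed threshold below which the static model has no signal

# One objdump-style line: "  401000: 55            push   %rbp".
# Group 1 is the mnemonic, group 2 the rest of the line. Raw bytes and operands
# are discarded: the surveyed opcode-based approaches work on the mnemonic stream.
_DISASM_LINE = re.compile(
    r"^\s*[0-9a-fA-F]+:\s+(?:[0-9a-fA-F]{2}\s+)+([a-z][a-z0-9.]*)(.*)$", re.M
)
# Prefixes that objdump prints as a separate word before the real mnemonic.
_PREFIXES = {"rep", "repz", "repnz", "lock", "data16", "addr32", "notrack"}


def parse_opcodes(disasm: str) -> List[str]:
    """Extract the ordered list of instruction mnemonics from a disassembly dump."""
    ops = []
    for m in _DISASM_LINE.finditer(disasm):
        mnem, rest = m.group(1), m.group(2).split()
        if mnem in _PREFIXES and rest:  # "rep stos ..." -> keep "stos"
            mnem = rest[0]
        ops.append(mnem)
    return ops


def opcode_ngrams(ops: List[str], n: int) -> Counter:
    """Count overlapping opcode n-grams, e.g. (mov, xor), (xor, mov), ..."""
    return Counter(tuple(ops[i:i + n]) for i in range(len(ops) - n + 1))


def profile(ops: List[str], n: int) -> Dict[Tuple[str, ...], float]:
    """Relative-frequency (term-frequency) vector of opcode n-grams."""
    counts = opcode_ngrams(ops, n)
    total = sum(counts.values())
    return {g: c / total for g, c in counts.items()} if total else {}


def cosine(a: Dict, b: Dict) -> float:
    """Cosine similarity between two sparse n-gram frequency vectors."""
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


# Constructed "benign" listing: a plain prologue/epilogue with a rep-prefixed store.
BENIGN_DISASM = """\
  401000: 55                   push   %rbp
  401001: 48 89 e5             mov    %rsp,%rbp
  401004: 89 7d fc             mov    %edi,-0x4(%rbp)
  401007: 8b 45 fc             mov    -0x4(%rbp),%eax
  40100a: 83 c0 01             add    $0x1,%eax
  40100d: f3 ab                rep stos %eax,%es:(%rdi)
  40100f: 5d                   pop    %rbp
  401010: c3                   ret
"""
# Constructed "malicious" listing: a byte-wise XOR decode loop, then a jump into
# the decoded buffer, i.e. the shape of a self-decrypting stub.
MALICIOUS_DISASM = """\
  402000: 48 31 c0             xor    %rax,%rax
  402003: 48 8d 35 f6 0f 00 00 lea    0xff6(%rip),%rsi
  40200a: b9 40 00 00 00       mov    $0x40,%ecx
  40200f: 8a 04 06             mov    (%rsi,%rax,1),%al
  402012: 34 5a                xor    $0x5a,%al
  402014: 88 04 06             mov    %al,(%rsi,%rax,1)
  402017: 48 ff c0             inc    %rax
  40201a: e2 f3                loop   40200f <decode+0xf>
  40201c: ff e6                jmp    *%rsi
"""
# Constructed query: different registers and XOR key, never seen while profiling,
# so the classifier has to generalize over the opcode pattern alone.
UNSEEN_DISASM = """\
  403000: 31 c9                xor    %ecx,%ecx
  403002: 8a 04 0f             mov    (%rdi,%rcx,1),%al
  403005: 34 7f                xor    $0x7f,%al
  403007: 88 04 0f             mov    %al,(%rdi,%rcx,1)
  40300a: ff c1                inc    %ecx
  40300c: e2 f4                loop   403002 <decode+0x2>
  40300e: ff e7                jmp    *%rdi
"""
# Per-class profiles; a real model would be built from thousands of samples.
PROFILES = {
    "benign": profile(parse_opcodes(BENIGN_DISASM), NGRAM),
    "malicious": profile(parse_opcodes(MALICIOUS_DISASM), NGRAM),
}


def classify(disasm: str, profiles: Dict[str, Dict], n: int = NGRAM) -> str:
    """Label a disassembly by the nearest class profile (cosine similarity)."""
    ops = parse_opcodes(disasm)
    if len(ops) < MIN_OPCODES:
        # Packed or encrypted samples disassemble to almost nothing, so a static
        # opcode model has no signal; refuse rather than report "benign".
        return "unknown (too few opcodes; possibly packed)"
    vec = profile(ops, n)
    scores = {label: cosine(vec, p) for label, p in profiles.items()}
    return max(scores, key=scores.get)


if __name__ == "__main__":
    print(classify(UNSEEN_DISASM, PROFILES))  # malicious
```

The query shares five of its six bigrams with the XOR-loop profile and none with the benign one, which is exactly the signal the n-gram approaches in the surveyed literature rely on. The MIN_OPCODES refusal is the check a practitioner should keep in any deployment of a static opcode model: a packed or encrypted sample yields a short or meaningless mnemonic stream, and silently scoring it against benign profiles would turn packing into a trivial evasion.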

Keywords


OpCodes-based Malware Detection; Malware Detection Approaches; Static Malware Approaches; Dynamic Malware Approaches; Hybrid Malware Approaches

References


X. Zhu, J. Huang, B. Wang, and C. Qi, “Malware homology determination using visualized images and feature fusion,” PeerJ Comput. Sci., vol. 7, pp. 1–22, 2021, doi: 10.7717/peerj-cs.494.

Z. Chen, X. Zhang, and S. Kim, “A Learning-based Static Malware Detection System with Integrated Feature,” 2021, doi: 10.32604/iasc.2021.016933.

O. Aslan and R. Samet, “A Comprehensive Review on Malware Detection Approaches,” IEEE Access, vol. 8, pp. 6249–6271, 2020, doi: 10.1109/ACCESS.2019.2963724.

K. Iwamoto and K. Wasaki, “Malware classification based on extracted API sequences using static analysis,” Proc. Asian Internet Engineering Conf. - AINTEC ’12, pp. 31–38, 2012, doi: 10.1145/2402599.2402604.

G. Canfora, F. Mercaldo, and C. A. Visaggio, “Mobile malware detection using op-code frequency histograms,” SECRYPT 2015 - 12th Int. Conf. Secur. Cryptogr. Proceedings; Part 12th Int. Jt. Conf. E-bus. Telecommun. ICETE 2015, pp. 27–38, 2015, doi: 10.5220/0005537800270038.

P. N. Yeboah and H. B. Baz Musah, “NLP Technique for Malware Detection Using 1D CNN Fusion Model,” Secur. Commun. Networks, vol. 2022, 2022, doi: 10.1155/2022/2957203.

Z. Sun et al., “An OpCODE sequences analysis method for unknown malware detection,” ACM Int. Conf. Proceeding Ser., vol. Part F1482, pp. 15–19, 2019, doi: 10.1145/3318236.3318255.

W. Niu, R. Cao, X. Zhang, K. Ding, K. Zhang, and T. Li, “Opcode-level function call graph based android malware classification using deep learning,” Sensors (Switzerland), vol. 20, no. 13, pp. 1–23, 2020, doi: 10.3390/s20133645.

N. McLaughlin et al., “Deep android malware detection,” CODASPY 2017 - Proc. 7th ACM Conf. Data Appl. Secur. Priv., pp. 301–308, 2017, doi: 10.1145/3029806.3029823.

M. Mofe, A. L. Rwajah, and R. Rastogi, “Malware Materials Detection by Clustering the Sequence using Hidden Markov Model,” Turkish J. Comput. Math. Educ., vol. 12, no. 10, pp. 1227–1237, 2021, doi: 10.17762/turcomat.v12i10.4316.

R. Lu, “Malware Detection with LSTM using Opcode Language,” 2019, [Online]. Available: http://hdl.handle.net/1920/12075

R. K. Shahzad, N. Lavesson, and H. Johnson, “Accurate adware detection using opcode sequence extraction,” Proc. 2011 6th Int. Conf. Availability, Reliab. Secur. ARES 2011, pp. 189–195, 2011, doi: 10.1109/ARES.2011.35.

O. P. Samantray and S. N. Tripathy, “An opcode-based malware detection model using supervised learning algorithms,” Int. J. Inf. Secur. Priv., vol. 15, no. 4, pp. 18–30, 2021, doi: 10.4018/IJISP.2021100102.

V. Sihag, A. Mitharwal, M. Vardhan, and P. Singh, “Opcode n-gram based malware classification in android,” Proc. World Conf. Smart Trends Syst. Secur. Sustain. WS4 2020, pp. 645–650, 2020, doi: 10.1109/WorldS450073.2020.9210386.

B. Panduri, M. Vummenthala, S. Jonnalagadda, G. Ashwini, N. Nagamani, and A. Akhila, “Dynamics and an efficient malware detection system using opcode sequence graph generation and ml algorithm,” E3S Web Conf., vol. 184, pp. 3–5, 2020, doi: 10.1051/e3sconf/202018401009.

J. Zhang and Y. Wen, “Malware Detection Based on Opcode Dynamic Analysis,” ICST Trans. Secur. Saf., vol. 7, no. 26, p. 170239, 2020, doi: 10.4108/eai.22-6-2021.170239.

P. O’kane, S. Sezer, and K. McLaughlin, “Detecting obfuscated malware using reduced opcode set and optimised runtime trace,” Secur. Inform., vol. 5, no. 1, 2016, doi: 10.1186/s13388-016-0027-2.

B. Kinholkar, “Study of Dataset Feature Filtering of OpCode for Malware Detection Using SVM Training Phase,” Int. J. Sci. Res., vol. 4, no. 12, pp. 474–479, 2015, doi: 10.21275/v4i12.nov151981.

M. R. Norouzian, P. Xu, C. Eckert, and A. Zarras, “Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 13118 LNCS, pp. 259–278, 2021, doi: 10.1007/978-3-030-91356-4_14.

J. Yan, Y. Qi, and Q. Rao, “Detecting Malware with an Ensemble Method Based on Deep Neural Network,” Secur. Commun. Networks, vol. 2018, 2018, doi: 10.1155/2018/7247095.

I. Santos, F. Brezo, B. Sanz, C. Laorden, and P. G. Bringas, “Using opcode sequences in single-class learning to detect unknown malware,” IET Inf. Secur., vol. 5, no. 4, pp. 220–227, 2011, doi: 10.1049/iet-ifs.2010.0180.

A. A. Khare, “MALWARE DETECTION IN INTERNET OF THINGS USING OPCODES AND MACHINE LEARNING,” George Mason, 2020. [Online]. Available: http://hdl.handle.net/1920/12075

I. Santos et al., “Idea: Opcode-Sequence-Based Malware Detection,” in ESSoS’10: Proceedings of the Second international conference on Engineering Secure Software and Systems, 2010, pp. 35–43. doi: 10.1007/978-3-642-11747-3_3.

B. P. Kinholkar, “Signature Base Method Dataset Feature Reduction of Opcode Using Pre-Processing Approach,” Int. J. Recent Innov. Trends Comput. Commun., pp. 6813–6819, 2015, doi: 10.17762/ijritcc.v3i12.5147.

T. Ahn, S. Oh, and Y. Kwon, “Malware Detection Method using Opcode and windows API Calls,” J. Inst. Internet, Broadcast. Commun., vol. 17, no. 6, pp. 11–17, 2017, doi: 10.7236/JIIBC.2017.17.6.11.

P. N. Yeboah, S. K. Amuquandoh, and H. B. B. Musah, “Malware Detection Using Ensemble N-gram Opcode Sequences,” Int. J. Interact. Mob. Technol., vol. 15, no. 24, pp. 19–31, 2021, doi: 10.3991/IJIM.V15I24.25401.

S. Egunjobi, S. Parkinson, and A. Crampton, Classifying Ransomware Using Machine Learning Algorithms, vol. 11872 LNCS. Springer International Publishing, 2019. doi: 10.1007/978-3-030-33617-2_5.

M. Almousa, S. Basavaraju, and M. Anwar, “API-Based Ransomware Detection Using Machine Learning-Based Threat Detection Models,” 2021 18th Int. Conf. Privacy, Secur. Trust. PST 2021, 2021, doi: 10.1109/PST52912.2021.9647816.

A. Shabtai, R. Moskovitch, C. Feher, S. Dolev, and Y. Elovici, “Detecting unknown malicious code by applying classification techniques on OpCode patterns,” Secur. Inform., vol. 1, no. 1, pp. 1–22, 2012, doi: 10.1186/2190-8532-1-1.

B. J. Kang, S. Y. Yerima, K. McLaughlin, and S. Sezer, “N-opcode analysis for android malware classification and categorization,” 2016 Int. Conf. Cyber Secur. Prot. Digit. Serv. Cyber Secur. 2016, pp. 13–14, 2016, doi: 10.1109/CyberSecPODS.2016.7502343.

M. Hassen, M. M. Carvalho, and P. K. Chan, “Malware classification using static analysis based features,” 2017 IEEE Symp. Ser. Comput. Intell. SSCI 2017 - Proc., vol. 2018-January, pp. 1–7, 2018, doi: 10.1109/SSCI.2017.8285426.

B. Kang, S. Y. Yerima, S. Sezer, and K. McLaughlin, “N-gram Opcode Analysis for Android Malware Detection,” Int. J. Cyber Situational Aware., vol. 1, no. 1, pp. 231–255, 2016, doi: 10.22619/ijcsa.2016.100111.

E. Cunningham, O. Boydell, C. Doherty, B. Roques, and Q. Le, “Using text classification methods to detect malware,” in 27th AIAI Irish Conference on Artificial Intelligence and Cognitive Science, 2019, vol. 2563, pp. 95–103. [Online]. Available: https://ceur-ws.org/Vol-2563/aics_11.pdf

P. Yang, H. Zhou, Y. Zhu, L. Liu, and L. Zhang, “Malware classification based on shallow neural network,” Futur. Internet, vol. 12, no. 12, pp. 1–17, 2020, doi: 10.3390/fi12120219.

D. Li, L. Zhao, Q. Cheng, N. Lu, and W. Shi, “Opcode sequence analysis of Android malware by a convolutional neural network,” Concurr. Comput. Pract. Exp., vol. 32, no. 18, pp. 1–18, 2020, doi: 10.1002/cpe.5308.

“Science Direct.” https://www.sciencedirect.com

“Web of Science.” jcr.clarivate.com

“IEEE Xplore Digital Library.” https://ieeexplore.ieee.org/Xplore/home.jsp

“SpringerLink.” https://link.springer.com/

“Google Scholar.” https://scholar.google.com/

M. Bat-Erdene, H. Park, H. Li, H. Lee, and M. S. Choi, “Entropy analysis to classify unknown packing algorithms for malware detection,” Int. J. Inf. Secur., vol. 16, no. 3, pp. 227–248, 2017, doi: 10.1007/s10207-016-0330-4.

I. Santos, B. Sanz, C. Laorden, F. Brezo, and P. G. Bringas, “Opcode-sequence-based semi-supervised unknown malware detection,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 6694 LNCS, pp. 50–57, 2011, doi: 10.1007/978-3-642-21323-6_7.

I. Santos, B. Sanz, C. Laorden, F. Brezo, and P. G. Bringas, “Opcode-Sequence-Based Semi-supervised Unknown Malware Detection,” in Computational Intelligence in Security for Information Systems, 2011, pp. 50–57. doi: 10.1007/978-3-642-21323-6_7.

Y. Wang, J. W. Stokes, and M. Marinescu, “Neural Malware Control with Deep Reinforcement Learning,” Proc. - IEEE Mil. Commun. Conf. MILCOM, vol. 2019-November, 2019, doi: 10.1109/MILCOM47813.2019.9020862.

A. Sharma and S. K. Sahay, “An effective approach for classification of advanced malware with high accuracy,” Int. J. Secur. its Appl., vol. 10, no. 4, pp. 249–266, 2016, doi: 10.14257/ijsia.2016.10.4.24.

H. Daku, P. Zavarsky, and Y. Malik, “Behavioral-Based Classification and Identification of Ransomware Variants Using Machine Learning,” Proc. - 17th IEEE Int. Conf. Trust. Secur. Priv. Comput. Commun. 12th IEEE Int. Conf. Big Data Sci. Eng. Trust. 2018, pp. 1560–1564, 2018, doi: 10.1109/TrustCom/BigDataSE.2018.00224.

M. Xu, H. Tong, C. Jin, and Y. Wang, “Malicious Code Detection Method Based on Multiple Features,” 2021 IEEE 4th Int. Conf. Electron. Commun. Eng. ICECE 2021, pp. 8–15, 2021, doi: 10.1109/ICECE54449.2021.9674573.

F. A. Aboaoja, A. Zainal, F. A. Ghaleb, and B. A. S. Al-Rimy, “Toward an Ensemble Behavioral-based Early Evasive Malware Detection Framework,” 2021 Int. Conf. Data Sci. Its Appl. ICoDSA 2021, pp. 181–186, 2021, doi: 10.1109/ICoDSA53588.2021.9617489.

A. Menelet and C. Bichot, “Characterization of Android malware based on opcode analysis,” hal-03192097, 2021, [Online]. Available: https://hal.archives-ouvertes.fr/hal-03192097

Q. Jerome, K. Allix, R. State, and T. Engel, “Using opcode-sequences to detect malicious Android applications,” 2014 IEEE Int. Conf. Commun. ICC 2014, pp. 914–919, 2014, doi: 10.1109/ICC.2014.6883436.

Y. Ding, W. Dai, S. Yan, and Y. Zhang, “Control flow-based opcode behavior analysis for Malware detection,” Comput. Secur., vol. 44, pp. 65–74, 2014, doi: 10.1016/j.cose.2014.04.003.

G. Canfora, A. De Lorenzo, E. Medvet, F. Mercaldo, and C. A. Visaggio, “Effectiveness of opcode ngrams for detection of multi family android malware,” Proc. - 10th Int. Conf. Availability, Reliab. Secur. ARES 2015, pp. 333–340, 2015, doi: 10.1109/ARES.2015.57.

D. Stiawan, S. M. Daely, A. Heryanto, N. Afifah, M. Y. Idris, and R. Budiarto, “Ransomware detection based on opcode behaviour using k-nearest neighbours algorithm,” Inf. Technol. Control, vol. 50, no. 3, pp. 495–506, 2021, doi: 10.5755/j01.itc.50.3.25816.

F. S. Ahmed, N. Mustapha, A. Mustapha, M. Kakavand, and C. F. M. Foozy, “Preliminary analysis of malware detection in opcode sequences within iot environment,” J. Comput. Sci., vol. 16, no. 9, pp. 1306–1318, 2020, doi: 10.3844/jcssp.2020.1306.1318.

H. Il Kim, M. Kang, S. J. Cho, and S. Il Choi, “Efficient Deep Learning Network with Multi-Streams for Android Malware Family Classification,” IEEE Access, vol. 10, pp. 5518–5532, 2022, doi: 10.1109/ACCESS.2021.3139334.

A. Sharma, P. Malacaria, and M. H. R. Khouzani, “Malware detection using 1-dimensional convolutional neural networks,” Proc. - 4th IEEE Eur. Symp. Secur. Priv. Work. EUROS PW 2019, pp. 247–256, 2019, doi: 10.1109/EuroSPW.2019.00034.

L. Zhao, D. Li, G. Zheng, and W. Shi, “Deep neural network based on android mobile malware detection system using opcode sequences,” Int. Conf. Commun. Technol. Proceedings, ICCT, vol. 2019-October, pp. 1141–1147, 2019, doi: 10.1109/ICCT.2018.8600052.

A. N. Jahromi, S. Hashemi, A. Dehghantanha, R. M. Parizi, and K. K. R. Choo, “An Enhanced Stacked LSTM Method with No Random Initialization for Malware Threat Hunting in Safety and Time-Critical Systems,” IEEE Trans. Emerg. Top. Comput. Intell., vol. 4, no. 5, pp. 630–640, 2020, doi: 10.1109/TETCI.2019.2910243.

R. Kumar and R. U. Khan, “Opcode and Gray Scale Techniques for Classification of Malware Binaries,” 2018, [Online]. Available: https://mail.easychair.org/publications/preprint_download/T9Q2



Indonesian Journal of Electrical Engineering and Informatics (IJEEI)
ISSN 2089-3272

Creative Commons Licence

This work is licensed under a Creative Commons Attribution 4.0 International License.
