Abstract
This paper examines the callgraphs of 120 malicious and 280 non-malicious executables. Pareto models are fitted to indegree, outdegree and basic block count distributions, and a statistically significant difference is shown for the derived power law exponent. A two-step optimization process is hypothesized to account for structural features of the executable.
Keywords
Get full access to this article
View all access options for this article.