Abstract:In this study we have presented a novel feature representation for malicious programs that can be used for malware classification. We have shown how to construct the features in a bottom-up approach, and analyzed the overlap of malicious and benign programs in terms of their components. We have shown that our method of analysis offers an increase in feature resolution that is descriptive of data movement in comparison to tf-idf features.