[1]Kinable J, Kostakis O. Malware classification based on call graph clustering[J]. Journal in Computer Virology, 2010, 7(4): 233245[2]Hu X, Chiueh T C, Kang G S. Largescale malware indexing using functioncall graphs[C] Proc of the 16th ACM Conf on Computer and Communications Security. New York: ACM, 2009: 611620[3]Bayer U, Comparetti P M, Hlauschek C, et al. Scalable, behaviorbased malware clustering[OL]. 2009 [20151110]. http:www.researchgate.netpublication221655390_Scalable_BehaviorBased_Malware_Clustering[4]Alam S, Horspool R N, Traore I. MAIL: Malware analysis intermediate language—A step towards automating and optimizing malware detection[C] Proc of the 6th Int Conf on Security of Information and Networks. New York: ACM, 2013: 233240[5]Kranz J, Sepp A, Simon A. GDSL: A universal toolkit for giving semantics to machine language[G] Programming Languages and Systems. Berlin: Spinger, 2003: 209216[6]Runwal N, Low R M, Stamp M. Opcode graph similarity and metamorphic detection[J]. Journal in Computer Virology, 2012, 8(12): 3752[7]Santos I, Brezo F, UgartePedrero X, et al. Opcode sequences as representation of executables for dataminingbased unknown malware detection[J]. Information Sciences, 2013, 231(9): 6482[8]Wagener G, State R, Dulaunoy A. Malware behaviour analysis[J]. Journal in Computer Virology, 2008, 4(4): 279287