Title :
Automatic loop detection in the sequence of system calls
Author :
Mohammad Hadi Alaeiyan;Saeed Parsa
Author_Institution :
Department of Computer Engineering, Iran University of Science and Technology, Narmak, Tehran, 16844, Iran
Abstract :
As computer hardware and the Internet grow rapidly, the security threats posed by malicious executable programs are becoming more serious. Malicious users have increased their use of polymorphic and metamorphic malware to pursue their aims. At the same time, hundreds of malware samples appear daily for manual analysis. Manually analyzing this many samples requires an unmanageable amount of time. Automatic reverse engineering of malware based on its behavior is a long-standing goal that is now becoming achievable. The main part of this goal is the detection of loops in the sequence of system calls, which not only decreases the number of system calls to analyze but also constructs the schema of the executed code. To this end, n-grams are used to find similar subsequences in the system call sequence, which are then defined as loops.
Keywords :
"Decision support systems","Malware"
Conference_Title :
Knowledge-Based Engineering and Innovation (KBEI), 2015 2nd International Conference on
DOI :
10.1109/KBEI.2015.7436133