MalScan considers the function call graph as a complex social network and employs centrality analysis on sensitive application program interfaces (APIs) to express the semantic characteristics of the graph. On this basis, machine learning algorithms and ensemble learning algorithms are applied to classify the extracted features.
MalScan involves four main phases: Static Analysis, Centrality Analysis, Classification, and Ensemble Learning.
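The centrality step described above, as an added example that is not MalScan's own code: it turns a call graph into a fixed-length feature vector over a list of sensitive APIs, which is the input a classifier would then consume. The API list, the method names in the sample graph, and the choice of degree and harmonic centrality are assumptions, since the text does not name the measures used.

```python
from collections import deque

# Assumed sensitive-API list (constructed); its order fixes the feature order.
SENSITIVE_APIS = [
    "Landroid/telephony/SmsManager;->sendTextMessage",
    "Landroid/telephony/TelephonyManager;->getDeviceId",
    "Landroid/location/LocationManager;->getLastKnownLocation",
]

def build_graph(edges):
    """Return (nodes, callees, callers) for a directed caller -> callee edge list."""
    nodes, callees, callers = set(), {}, {}
    for src, dst in edges:
        nodes.update((src, dst))
        callees.setdefault(src, set()).add(dst)
        callers.setdefault(dst, set()).add(src)
    return nodes, callees, callers

def degree_centrality(node, nodes, callees, callers):
    """(in-degree + out-degree) / (n - 1)."""
    deg = len(callees.get(node, ())) + len(callers.get(node, ()))
    return deg / (len(nodes) - 1) if len(nodes) > 1 else 0.0

def harmonic_centrality(node, callers):
    """Sum of 1/d(u, node) over every method u that can reach node."""
    dist, queue = {node: 0}, deque([node])
    while queue:  # breadth-first search backwards along call edges
        cur = queue.popleft()
        for prev in callers.get(cur, ()):
            if prev not in dist:
                dist[prev] = dist[cur] + 1
                queue.append(prev)
    return sum(1.0 / d for d in dist.values() if d > 0)

def feature_vector(edges):
    """Two values per sensitive API; 0.0 for an API the app never calls."""
    nodes, out, inc = build_graph(edges)
    vec = []
    for api in SENSITIVE_APIS:
        ok = api in nodes
        vec += [degree_centrality(api, nodes, out, inc) if ok else 0.0,
                harmonic_centrality(api, inc) if ok else 0.0]
    return vec

# Constructed call graph: two entry points reach sync(), which calls two sensitive APIs.
SAMPLE_EDGES = [
    ("Lcom/example/Main;->onCreate", "Lcom/example/Net;->sync"),
    ("Lcom/example/Boot;->onReceive", "Lcom/example/Net;->sync"),
    ("Lcom/example/Net;->sync", SENSITIVE_APIS[0]), ("Lcom/example/Net;->sync", SENSITIVE_APIS[1]),
]
print(feature_vector(SAMPLE_EDGES))
```

Because the vector length depends only on the API list, apps of any size map to the same feature space, and an app that never touches a sensitive API yields all zeros.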