Kwon and Lee [88] introduce BinGraph, a discovery method for metamorphic malware. API calls are extracted and converted to a hierarchical behavior graph. Extracted subgraphs represent common behavior and can be considered a ‘semantic signature’ – Kwon and Lee assume that the same API sequences...