Malware (or malicious software) refers to programs that have malicious intents and may perform harmful actions. Common malware includes viruses, worms, trojan horses, and spyware. They represent one of the most notorious security threats on the Internet. Using a malware detector is the most familiar method of defense to deter malware. Each malware detector has its own analysis method, and syntactic signature matching is the most basic and prevalent method used in commercial malware detectors. Unfortunately, this syntactic detection mechanism cannot cope e ectively with advanced malware, which often uses program obfuscation to alter program structures and therefore can avoid the detection easily. On the other hand, although malware writers can use obfuscation to avoid syntactic malware detector, the semantics of a malware instance is usually pre-served after obfuscation. Semantics-based approaches therefore have become the main focus of research on malware analysis. In this thesis, we propose a semantic-centric malware analysis architecture which includes monitoring of malware executions, extraction of semantic behaviors, and gener-ation of malware detectors. Observing recently proposed methods for malware analysis, we notice that string signatures are still used widely. It is a natural evolution from strings to trees, which can exhibit more semantics than strings. Therefore, we adopt trees as signatures. First, we use a sandbox to monitor malware's execution and output reports of execution traces. We then use the execution traces to construct dependency graphs and convert them into trees. Finally, we use a learning algorithm to obtain a 3-valued de-terministic nite tree automaton as a malware detector. Experimental results show that our analysis based on the proposed architecture is e ective and has low false positives.