Classification and Detection of Metamorphic Malware using Value Set Analysis

Cited by: 25
Authors
Leder, Felix [1]
Steinbock, Bastian [1]
Martini, Peter [1]
Affiliations
[1] Univ Bonn, Inst Comp Sci 4, D-53117 Bonn, Germany
DOI
10.1109/MALWARE.2009.5403019
Chinese Library Classification number
TP31 [Computer Software]
Discipline classification code
081202; 0835
Abstract
Metamorphic malware changes the structure of its code from infection to infection. This makes it very hard to classify or to detect. While the byte-sequence of two variants may be completely different, the core functionality of the malware has to stay the same. This includes the use of flags and constants that have to be consistent at specific points. We present a novel approach that allows us to detect metamorphic variants. Based on this detection, it is also possible to classify new samples to a metamorphic family. Our approach identifies variants by tracking the use of consistent values throughout the malware. Our evaluation shows a 100% detection rate with 0 false positives for all metamorphic samples that do not change their behavior.
Pages: 39-46
Page count: 8
Related papers
50 in total
  • [1] DaCoMM: Detection and Classification of Metamorphic Malware
    Mehra, Vishakha
    Jain, Vinesh
    Uppal, Dolly
    [J]. 2015 FIFTH INTERNATIONAL CONFERENCE ON COMMUNICATION SYSTEMS AND NETWORK TECHNOLOGIES (CSNT2015), 2015, : 668 - 673
  • [2] Metamorphic malware detection using base malware identification approach
    Mahawer, Devendra Kumar
    Nagaraju, A.
    [J]. SECURITY AND COMMUNICATION NETWORKS, 2014, 7 (11) : 1719 - 1733
  • [3] Combining Register Value Analysis with Similarity based technique for Metamorphic Malware detection
    Rai, Sunny
    [J]. 2014 INTERNATIONAL CONFERENCE ON SIGNAL PROPAGATION AND COMPUTER TECHNOLOGY (ICSPCT 2014), 2014, : 720 - 725
  • [4] Metamorphic Malware Detection Using Code Metrics
    Canfora, Gerardo
    Mercaldo, Francesco
    Visaggio, Corrado Aaron
    Di Notte, Paolo
    [J]. INFORMATION SECURITY JOURNAL, 2014, 23 (03) : 57 - 67
  • [5] Metamorphic Malware Detection Using Linear Discriminant Analysis and Graph Similarity
    Mirzazadeh, Reza
    Moattar, Mohammad Hossein
    Jahan, Majid Vafaei
    [J]. 2015 5TH INTERNATIONAL CONFERENCE ON COMPUTER AND KNOWLEDGE ENGINEERING (ICCKE), 2015, : 61 - 66
  • [6] MalSPM: Metamorphic malware behavior analysis and classification using sequential pattern mining
    Nawaz, M. Saqib
    Fournier-Viger, Philippe
    Nawaz, M. Zohaib
    Chen, Guoting
    Wu, Youxi
    [J]. COMPUTERS & SECURITY, 2022, 118
  • [7] A Novel Malware Analysis for Malware Detection and Classification using Machine Learning Algorithms
    Sethi, Kamalakanta
    Chaudhary, Shankar Kumar
    Tripathy, Bata Krishan
    Bera, Padmalochan
    [J]. SIN'17: PROCEEDINGS OF THE 10TH INTERNATIONAL CONFERENCE ON SECURITY OF INFORMATION AND NETWORKS, 2017, : 107 - 113
  • [8] Dynamic Malware Detection Using Registers Values Set Analysis
    Ghiasi, Mahboobe
    Sami, Ashkan
    Salehi, Zahra
    [J]. 2012 9TH INTERNATIONAL ISC CONFERENCE ON INFORMATION SECURITY AND CRYPTOLOGY (ISCISC), 2012, : 54 - 59
  • [9] Semantic Set Analysis for Malware Detection
    Nguyen Van Nhuong
    Vo Thi Yen Nhi
    Nguyen Tan Cam
    Mai Xuan Phu
    Cao Dang Tan
    [J]. COMPUTER INFORMATION SYSTEMS AND INDUSTRIAL MANAGEMENT, CISIM 2014, 2014, 8838 : 688 - 700
  • [10] Detection of Global, Metamorphic Malware Variants Using Control and Data Flow Analysis
    Agrawal, Hira
    Bahler, Lisa
    Micallef, Josephine
    Snyder, Shane
    Virodov, Alexandr
    [J]. 2012 IEEE MILITARY COMMUNICATIONS CONFERENCE (MILCOM 2012), 2012,