A Malware Variant Detection Method Based on Byte Randomness Test

Malware variants, referring to the different members in the same malware family, are generally produced by simply modifying the existing malwares in order to avoid being detected by the traditional signaturebased methods. The mass of malware variants has brought great difficulties to detect malicious code. In this paper, a malware variants detection method based on byte randomness tests is proposed. The bytes distribution value of the instruction sequences obtained from randomness tests, named as the byte randomness profiles, can preserves enough local detail about program, so it can be used as feature vector to represent malware in a distinctive manner. Moreover, the sum of squares distance (SSD) and the cosine similarity (COS) are used to measure the distinctiveness between two malwares. Experimental results show that the proposed method provides a fast and effective way to detect variants of known malware families.