MEDUSA: MEtamorphic malware dynamic analysis usingsignature from API

Authors:
Vinod P. Nair;Harshit Jain;Yashwant K. Golecha;Manoj Singh Gaur;Vijay Laxmi
Affiliations:
Malaviya National Institute of Technology, Jaipur, India;Malaviya National Institute of Technology, Jaipur, India;Malaviya National Institute of Technology, Jaipur, India;Malaviya National Institute of Technology, Jaipur, India;Malaviya National Institute of Technology, Jaipur, India
Venue:
Proceedings of the 3rd international conference on Security of information and networks
Year:
2010

Citing 8
Cited 3

Static Analysis of Binary Code to Isolate Malicious Behaviors

WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Detection of injected, dynamically generated, and obfuscated malicious code

Proceedings of the 2003 ACM workshop on Rapid malcode
Fuzzy Systems and Knowledge Discovery: Second International Conference, FSKD 2005, Changsha, China, August 27-29, 2005, Proceedings, Part I (Lecture Notes ... / Lecture Notes in Artificial Intelligence)

Fuzzy Systems and Knowledge Discovery: Second International Conference, FSKD 2005, Changsha, China, August 27-29, 2005, Proceedings, Part I (Lecture Notes ... / Lecture Notes in Artificial Intelligence)
Analysis of Computer Intrusions Using Sequences of Function Calls

IEEE Transactions on Dependable and Secure Computing
Mining specifications of malicious behavior

Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Signature Generation and Detection of Malware Families

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
User Behavior Analysis in Masquerade Detection Using Principal Component Analysis

ISDA '08 Proceedings of the 2008 Eighth International Conference on Intelligent Systems Design and Applications - Volume 01
API monitoring system for defeating worms and exploits in MS-Windows system

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

Classification of polymorphic and metamorphic malware samples based on their behavior

Proceedings of the Fifth International Conference on Security of Information and Networks
Mining control flow graph as API call-grams to detect portable executable malware

Proceedings of the Fifth International Conference on Security of Information and Networks
Behavioural detection with API call-grams to identify malicious PE files

Proceedings of the First International Conference on Security of Internet of Things

Quantified Score

Hi-index	0.00

Visualization

Abstract

Malware detection and prevention methods are increasingly becoming necessary for computer systems connected to the Internet. The traditional signature based detection of malware fails for metamorphic malware which changes its code structurally while maintaining functionality at time of propagation. This category of malware is called metamorphic malware. In this paper we dynamically analyze the executables produced from various metamorphic generators through an emulator by tracing API calls. A signature is generated for an entire malware class (each class representing a family of viruses generated from one metamorphic generator) instead of for individual malware sample. We show that most of the metamorphic viruses of same family are detected by the same base signature. Once a base signature for a particular metamorphic generator is generated, all the metamorphic viruses created from that tool are easily detected by the proposed method. A Proximity Index between the various Metamorphic generators has been proposed to determine how similar two or more generators are.