A method for detecting machine-generated malware

  • Authors: Yasmine Kandissounon; Radhouane Chouchane
  • Affiliations: Columbus State University, Columbus, GA; Columbus State University, Columbus, GA
  • Venue: Proceedings of the 49th Annual Southeast Regional Conference
  • Year: 2011

Abstract

A method is proposed that applies techniques from the discipline of forensic linguistics to the problem of detecting machine-generated malicious programs, such as metamorphic malware, by attempting to attribute a suspect program to a known malware-generator. This method considerably reduces the burden of having to store one signature for every known malware instance. The proposed method was tested on a number of toolkit-generated malware instances (NGVCK and VCL) and metamorphic instances (Evol and Simile), and achieved a detection accuracy of up to 92% for the toolkits and engines that were experimented with.