Computer viruses: theory and experiments. Computers and Security.
Computer Viruses and Malware (Advances in Information Security).
Information Security: Principles and Practice.
Automated classification and analysis of internet malware. RAID'07: Proceedings of the 10th International Conference on Recent Advances in Intrusion Detection.
Opcode graph similarity and metamorphic detection. Journal in Computer Virology.
Chi-squared distance and metamorphic virus detection. Journal in Computer Virology.
Metamorphic worm that carries its own morphing engine. Journal in Computer Virology.
Simple substitution distance and metamorphic detection. Journal in Computer Virology.
VILO: a rapid learning nearest-neighbor classifier for malware triage. Journal in Computer Virology.
Detecting machine-morphed malware variants via engine attribution. Journal in Computer Virology.
Commercial anti-virus scanners are generally signature based: they scan for known patterns to determine whether a file is infected. To evade signature-based detection, virus writers have employed code obfuscation techniques to create metamorphic viruses. Metamorphic viruses change their internal structure from generation to generation, which can provide an effective defense against signature-based detection. To combat metamorphic viruses, detection tools based on statistical analysis have been studied. A tool that employs hidden Markov models (HMMs) was previously developed, and the results are encouraging: it has been shown that metamorphic viruses created by a reasonably strong metamorphic engine can be detected using an HMM. In this paper, we explore whether there are any exploitable weaknesses in an HMM-based detection approach. We create a highly metamorphic virus-generating tool designed specifically to evade HMM-based detection. We then test our engine, showing that we can generate metamorphic copies that cannot be detected using existing HMM-based detection techniques.