Opcode graph similarity and metamorphic detection

Authors:
Neha Runwal;Richard M. Low;Mark Stamp
Affiliations:
Department of Computer Science, San Jose State University, San Jose, USA;Department of Mathematics, San Jose State University, San Jose, USA;Department of Computer Science, San Jose State University, San Jose, USA
Venue:
Journal in Computer Virology
Year:
2012

Citing 6
Cited 4

Computer Viruses and Malware (Advances in Information Security)

Computer Viruses and Malware (Advances in Information Security)
Detecting Obfuscated Viruses Using Cosine Similarity Analysis

AMS '07 Proceedings of the First Asia International Conference on Modelling & Simulation
Detecting metamorphic malwares using code graphs

Proceedings of the 2010 ACM Symposium on Applied Computing
Information Security: Principles and Practice

Information Security: Principles and Practice
Hunting for undetectable metamorphic viruses

Journal in Computer Virology
Graph-based malware detection using dynamic analysis

Journal in Computer Virology

Metamorphic worm that carries its own morphing engine

Journal in Computer Virology
Simple substitution distance and metamorphic detection

Journal in Computer Virology
VILO: a rapid learning nearest-neighbor classifier for malware triage

Journal in Computer Virology
MAIL: Malware Analysis Intermediate Language: a step towards automating and optimizing malware detection

Proceedings of the 6th International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we consider a method for computing the similarity of executable files, based on opcode graphs. We apply this technique to the challenging problem of metamorphic malware detection and compare the results to previous work based on hidden Markov models. In addition, we analyze the effect of various morphing techniques on the success of our proposed opcode graph-based detection scheme.