Efficient string matching: an aid to bibliographic search
Communications of the ACM
Machine Learning
Learning to detect malicious executables in the wild
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
The Art of Computer Virus Research and Defense
The Art of Computer Virus Research and Defense
Computer Viruses and Malware (Advances in Information Security)
Computer Viruses and Malware (Advances in Information Security)
Information Security: Principles and Practice
Information Security: Principles and Practice
Hunting for undetectable metamorphic viruses
Journal in Computer Virology
Simple substitution distance and metamorphic detection
Journal in Computer Virology
VILO: a rapid learning nearest-neighbor classifier for malware triage
Journal in Computer Virology
| Hi-index | 0.00 |
Metamorphic malware changes its internal structure with each generation, while maintaining its original behavior. Current commercial antivirus software generally scan for known malware signatures; therefore, they are not able to detect metamorphic malware that sufficiently morphs its internal structure. Machine learning methods such as hidden Markov models (HMM) have shown promise for detecting hacker-produced metamorphic malware. However, previous research has shown that it is possible to evade HMM-based detection by carefully morphing with content from benign files. In this paper, we combine HMM detection with a statistical technique based on the chi-squared test to build an improved detection method. We discuss our technique in detail and provide experimental evidence to support our claim of improved detection.