Metamorphic malware changes its internal structure across generations, but its functionality remains unchanged. Well-designed metamorphic malware will evade signature detection. Recent research has revealed techniques based on hidden Markov models (HMMs) for detecting many types of metamorphic malware, as well as techniques for evading such detection. A worm is a type of malware that actively spreads across a network to other host systems. In this project we design and implement a prototype metamorphic worm that carries its own morphing engine. This is challenging, since the morphing engine itself must be morphed across replications, which imposes restrictions on the structure of the worm. Our design employs previously developed techniques to evade detection. We provide test results to confirm that this worm effectively evades signature and HMM-based detection, and we consider possible detection strategies. This worm provides a concrete example that should prove useful for additional metamorphic detection research.