To evade signature-based detection, metamorphic viruses transform their code before each new infection. Software similarity measures are a potentially useful means of detecting such malware. We can compare a given file to a known sample of metamorphic malware and compute their similarity; if they are sufficiently similar, we classify the file as malware of the same family. In this paper, we analyze an opcode-based software similarity measure inspired by simple substitution cipher cryptanalysis. We show that the technique provides a useful means of classifying metamorphic malware.