110 research outputs found
Function Call Graph Score for Malware Detection
Metamorphic malware changes its internal structure with each infection, while maintaining its core functionality. Detecting such malware is a challenging research problem. Function call graph analysis has previously shown promise in detecting such malware. In this research, we analyze the robustness of a function call graph score with respect to various code morphing strategies. We also consider modifications of the score that make it more robust in the face of such morphing
Function Call Graph Score for Malware Detection
Metamorphic malware changes its internal structure with each infection, while maintaining its core functionality. Detecting such malware is a challenging research problem. Function call graph analysis has previously shown promise in detecting such malware. In this research, we analyze the robustness of a function call graph score with respect to various code morphing strategies. We also consider modifications of the score that make it more robust in the face of such morphing
Effective methods to detect metamorphic malware: A systematic review
The succeeding code for metamorphic Malware is routinely rewritten to
remain stealthy and undetected within infected environments. This characteristic is
maintained by means of encryption and decryption methods, obfuscation through
garbage code insertion, code transformation and registry modification which makes
detection very challenging. The main objective of this study is to contribute an
evidence-based narrative demonstrating the effectiveness of recent proposals. Sixteen
primary studies were included in this analysis based on a pre-defined protocol. The
majority of the reviewed detection methods used Opcode, Control Flow Graph (CFG)
and API Call Graph. Key challenges facing the detection of metamorphic malware
include code obfuscation, lack of dynamic capabilities to analyse code and application
difficulty. Methods were further analysed on the basis of their approach, limitation,
empirical evidence and key parameters such as dataset, Detection Rate (DR) and
False Positive Rate (FPR)
Metamorphic Detection Using Function Call Graph Analysis
Well-designed metamorphic malware can evade many commonly used malware detection techniques including signature scanning. In this research, we consider a score based on function call graph analysis. We test this score on several challenging classes of metamorphic malware and we show that the resulting detection rates yield an improvement over previous research
Morphing engines classification by code histogram
Morphing engines or mutation engines are exploited by metamorphic virus to change the code appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques try to convert the binary sequence of the code, in some techniques, the statistical feature of the code binaries will be still remain unchanged, relatively. Accordingly, this feature can be utilized to classify the engine and detect the morphed virus code. In this article, we are going to introduce a new idea to classify the obfuscation engines based on their code statistical feature using the histogram comparison
- …