11 research outputs found

    Metamorphic Virus Detection in Portable Executables Using Opcodes Statistical Feature

    Metamorphic viruses engage different mutation techniques to escape from string-signature-based scanning. They try to change their code in each new offspring so that the variants appear dissimilar and share no common string sequences that could serve as a signature. However, all versions of a metamorphic virus have a similar task and performance. This obfuscation process helps to keep them safe from string-based signature detection. In this study, we make use of the statistical features of instructions to compare the similarity of two hosted files probably occupied by two mutated forms of a specific metamorphic virus. The solution introduced in this paper relies on static analysis and employs the frequency histogram of machine opcodes in different instances of obfuscated viruses. We use Minkowski-form histogram distance measurements to check the likeness of portable executables (PE). The purpose of this research is to present the idea that, for a number of special obfuscation approaches, the presented solution can be used to identify morphed copies of a file. Thus, it can be applied by an antivirus scanner to recognize different versions of a metamorphic virus.

    Evolution of Computer Virus Concealment and Anti-Virus Techniques: A Short Survey

    This paper presents a general overview of the evolution of concealment methods in computer viruses and of the defensive techniques employed by anti-virus products. In order to stay far from anti-virus scanners, computer viruses gradually improve their code to make it invisible. On the other hand, anti-virus technologies continually follow the virus tricks and methodologies to overcome their threats. In this process, anti-virus experts design and develop new methodologies to make them stronger every day. The purpose of this paper is to review these methodologies and outline their strengths and weaknesses, to encourage those who are interested in further investigation of these areas.

    Morphing engines classification by code histogram

    Morphing engines, or mutation engines, are exploited by metamorphic viruses to change the code's appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques try to convert the binary sequence of the code, in some techniques the statistical features of the code binaries still remain relatively unchanged. Accordingly, this feature can be utilized to classify the engine and detect the morphed virus code. In this article, we introduce a new idea for classifying obfuscation engines based on the statistical features of their code, using histogram comparison.

    Tailoring Software Development Methodologies for Reliability

    In recent times, many organizations have sought ways of improving the quality of software products due to the complexity and continuous change in technological trends. These trends have given rise to more sophisticated software systems, which are required to function properly at all times. Most research literature proposes tailoring standard development methodologies because of their inadequacies and their inability to meet users’ needs and system requirements. Reliability engineering has become an approach to addressing the complexity of software systems, and also serves as a guarantee of quality conformance and assurance of software products. In this research paper, the importance of reliability and tailoring is discussed to lay the foundation for the integration of basic reliability engineering techniques into software development.

    Morphing Engines Classification by Code Histogram

    Morphing engines, or mutation engines, are exploited by metamorphic viruses to change the code's appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques try to convert the binary sequence of the code, in some techniques the statistical features of the code binaries still remain relatively unchanged. Accordingly, this feature can be utilized to classify the engine and detect the morphed virus code. In this article, we introduce a new idea for classifying obfuscation engines based on the statistical features of their code, using histogram comparison.

    Camouflage in Malware: from encryption to metamorphism

    Camouflage of malware is a serious challenge for antivirus experts and code analysts. Malware uses various techniques to camouflage itself so that it is not easily visible and to make its lifetime as long as possible. Although camouflage approaches cannot fully stop the analysis of and the fight against malware, they prolong the process of analysis and detection, so the malware gets more time to spread widely. It is very important for antivirus technologies to improve their products by shortening the detection procedure, not only when first facing a new threat but also in future detections. In this paper, we review the concept of camouflage in malware and its evolution from the non-stealth days to modern metamorphism. Moreover, we explore the obfuscation techniques exploited by metamorphism, the most recent method in malware camouflage.

    A hybrid model for forecasting communicable diseases in Maldives

    No full text
    The Maldives is an island nation whose islands are scattered over 26 atolls. The government of Maldives is trying to improve health services in the country and improve the accessibility of services throughout the country at the peripheral levels. The healthcare industry collects a large amount of healthcare information, which contains several patterns, such as outbreaks of diseases. However, this data frequently goes unexploited. Accurate forecasting using this past data could help healthcare managers in taking appropriate decisions, especially in implementing preventive measures. Due to the geographical nature of Maldives, it is difficult to implement preventive measures in case of an outbreak. There is no single approach to health forecasting; thus, various methods have been applied to specific health conditions or healthcare resources. Healthcare comprises both complex linear and nonlinear patterns, which can affect the forecasting accuracy if only linear models or neural networks are used. In this research, a hybrid of the ARIMA model and a Neural Network has been proposed to forecast healthcare data. A dataset comprising 10 diseases, including unique cases reported for each disease between the years 2012 and 2016, has been used in this research. It was found that the proposed model performed well on 7 out of the 10 diseases.