Metamorphic malware identification using engine-specific patterns based on co-opcode graphs
Date
2020
Publisher
ELSEVIER
Access Right
info:eu-repo/semantics/closedAccess
Abstract
A metamorphic virus is a type of malware that modifies its code using a morphing engine. Morphing engines generate a large number of metamorphic malware variants by applying different obfuscation techniques. Since each metamorphic variant has its own unique structure, signature-based anti-virus programs are ineffective at detecting these variants. Therefore, detecting this kind of virus has become an increasingly important task. Recently, many researchers have focused on extracting common patterns of metamorphic variants that can be used as micro-signatures to identify metamorphic malware executables. With similar motivation, in this work we propose a novel metamorphic malware identification method named HLES-MMI (Higher-level Engine Signature based Metamorphic Malware Identification). The proposed method first constructs a unique graph structure, called a co-opcode graph, for each metamorphic family, then extracts engine-specific opcode patterns from the graphs. Finally, it generates a higher-level signature for each family by representing the extracted opcode patterns as a binary vector. Experimental results on four datasets produced by different morphing engines demonstrate the effectiveness and efficiency of the proposed method in comparison with several existing malware identification methods.
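The pipeline the abstract describes (a co-opcode graph per family, engine-specific opcode patterns, a binary-vector signature, and matching an unknown sample against the signatures), as an added illustrative reconstruction that is not the paper's code or datasets. The toy opcode traces, the adjacent-pair edge set as the graph, the support threshold, the "specific = not a pattern of any other family" rule and the scoring rule are all assumptions made here.

```python
from collections import Counter

# Constructed toy opcode traces (hypothetical, not from the paper's datasets):
# three variants emitted by morphing engine "engA", three by engine "engB".
FAMILIES = {
    "engA": [["push", "mov", "xor", "call", "pop", "ret"],
             ["push", "nop", "mov", "xor", "call", "pop", "ret"],
             ["push", "mov", "xor", "add", "call", "pop", "ret"]],
    "engB": [["mov", "sub", "jmp", "cmp", "jne", "ret"],
             ["mov", "sub", "nop", "jmp", "cmp", "jne", "ret"],
             ["push", "mov", "sub", "jmp", "cmp", "jne", "ret"]],
}

def co_opcode_graph(trace):
    """Edge set of the co-opcode graph: every directed pair of adjacent opcodes."""
    return {(a, b) for a, b in zip(trace, trace[1:])}

def family_patterns(variants, min_support):
    """Edges that survive morphing: present in at least min_support variants (assumed rule)."""
    support = Counter(e for v in variants for e in co_opcode_graph(v))
    return {e for e, n in support.items() if n >= min_support}

def build_signatures(families, min_support=2):
    """Return (vocabulary, {family: binary vector}) over engine-specific patterns."""
    raw = {f: family_patterns(v, min_support) for f, v in families.items()}
    # Engine-specific: drop any edge that is also a pattern of another family.
    specific = {f: p - set().union(*(raw[g] for g in raw if g != f))
                for f, p in raw.items()}
    vocab = sorted(set().union(*specific.values()))
    sigs = {f: [1 if e in p else 0 for e in vocab] for f, p in specific.items()}
    return vocab, sigs

def identify(trace, vocab, sigs, threshold=0.5):
    """Score a sample as the fraction of a family's pattern bits found in its graph."""
    edges = co_opcode_graph(trace)
    sample = [1 if e in edges else 0 for e in vocab]
    best, best_score = "unknown", 0.0
    for fam, sig in sigs.items():
        hits = sum(s and x for s, x in zip(sig, sample))
        score = hits / sum(sig) if sum(sig) else 0.0
        if score > best_score:
            best, best_score = fam, score
    return (best, best_score) if best_score >= threshold else ("unknown", best_score)

VOCAB, SIGS = build_signatures(FAMILIES)
```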
Keywords
Metamorphic malware, Malware detection, Opcode graph, Virus generation kits, Static analysis
Source
COMPUTER STANDARDS & INTERFACES
WoS Q Value
Q2
Scopus Q Value
Q1
Volume
71