Metamorphic malware identification using engine-specific patterns based on co-opcode graphs
dc.contributor.author | Kakisim, Arzu Gorgulu | |
dc.contributor.author | Nar, Mert | |
dc.contributor.author | Sogukpinar, Ibrahim | |
dc.date.accessioned | 2021-01-25T21:47:59Z | |
dc.date.available | 2021-01-25T21:47:59Z | |
dc.date.issued | 2020 | |
dc.department | İstanbul Ticaret Üniversitesi | en_US |
dc.description.abstract | A metamorphic virus is a type of malware that modifies its own code using a morphing engine. Morphing engines generate large numbers of metamorphic malware variants by applying different obfuscation techniques. Since each metamorphic variant has its own unique structure, signature-based anti-virus programs are ineffective at detecting these variants, so detection of this kind of virus has become an increasingly important task. Recently, many researchers have focused on extracting common patterns of metamorphic variants that can be used as micro-signatures to identify metamorphic malware executables. With a similar motivation, in this work we propose a novel metamorphic malware identification method, named HLES-MMI (Higher-level Engine Signature based Metamorphic Malware Identification). The proposed method first constructs a unique graph structure, called a co-opcode graph, for each metamorphic family, then extracts engine-specific opcode patterns from the graphs. Finally, it generates a higher-level signature for each family by representing the extracted opcode patterns as a binary vector. Experimental results on four datasets produced by different morphing engines demonstrate the effectiveness and efficiency of the proposed method in comparison with several existing malware identification methods. | en_US |
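As an added illustration of the pipeline the abstract describes (this is not the authors' HLES-MMI implementation; the paper's own graph construction and pattern-extraction rules may differ), the Python sketch below assumes that a co-opcode graph is built from adjacent opcode pairs, takes "engine-specific" patterns to be edges present in every variant of one family and absent from every variant of the others, and encodes each family's pattern set as a binary vector over the shared pattern vocabulary. The opcode sequences, family names and thresholds are constructed for the example and are not from any real sample or dataset.

```python
from collections import Counter

# Constructed opcode sequences for the example (not taken from real malware).
# Each family is a list of variants; each variant is a list of mnemonics in
# the order a disassembler would emit them. Families differ by the pairs their
# "engine" leaves intact; scattered "nop"s mimic junk-instruction insertion.
FAMILIES = {
    "engine_a": [
        ["push", "mov", "xor", "jmp", "nop", "mov", "xor", "jmp", "ret"],
        ["push", "mov", "nop", "xor", "jmp", "mov", "xor", "jmp", "ret"],
        ["push", "mov", "xor", "jmp", "mov", "xor", "jmp", "pop", "ret"],
    ],
    "engine_b": [
        ["push", "mov", "add", "call", "sub", "add", "call", "ret"],
        ["push", "nop", "mov", "add", "call", "add", "call", "ret"],
        ["push", "mov", "add", "call", "nop", "add", "call", "ret"],
    ],
}


def co_opcode_graph(opcodes):
    """Directed graph over opcodes: edge (a, b) weighted by how often a is
    immediately followed by b (assumed definition of 'co-opcode')."""
    graph = Counter()
    for a, b in zip(opcodes, opcodes[1:]):
        graph[(a, b)] += 1
    return graph


def all_edges(variants):
    """Every edge seen in any variant of a family."""
    edges = set()
    for variant in variants:
        edges |= set(co_opcode_graph(variant))
    return edges


def family_patterns(variants, min_support=1.0):
    """Edges present in at least min_support (fraction) of a family's variants."""
    seen = Counter()
    for variant in variants:
        seen.update(co_opcode_graph(variant).keys())
    needed = min_support * len(variants)
    return {edge for edge, count in seen.items() if count >= needed}


def engine_specific_patterns(families, min_support=1.0):
    """Per family: its supported edges minus any edge another family ever uses,
    so what remains is attributable to that family's morphing engine."""
    specific = {}
    for name, variants in families.items():
        foreign = set()
        for other, other_variants in families.items():
            if other != name:
                foreign |= all_edges(other_variants)
        specific[name] = family_patterns(variants, min_support) - foreign
    return specific


def build_vocabulary(specific):
    """Fixed ordering of all engine-specific edges; vector positions index it."""
    vocab = set()
    for edges in specific.values():
        vocab |= edges
    return sorted(vocab)


def to_vector(edges, vocab):
    """Binary vector: 1 where the edge set contains the vocabulary entry."""
    return [1 if edge in edges else 0 for edge in vocab]


def signature(name, specific, vocab):
    """Higher-level family signature: its engine-specific edges as a vector."""
    return to_vector(specific[name], vocab)


def identify(opcodes, specific, vocab, threshold=0.5):
    """Name the family whose signature bits the sample covers best; return
    (None, score) if even the best family is covered below the threshold."""
    sample = to_vector(set(co_opcode_graph(opcodes)), vocab)
    best_name, best_score = None, 0.0
    for name in specific:
        sig = signature(name, specific, vocab)
        hits = sum(1 for s, x in zip(sig, sample) if s and x)
        score = hits / sum(sig) if sum(sig) else 0.0
        if score > best_score:
            best_name, best_score = name, score
    if best_score < threshold:
        return None, best_score
    return best_name, best_score


if __name__ == "__main__":
    spec = engine_specific_patterns(FAMILIES)
    vocab = build_vocabulary(spec)
    for fam in FAMILIES:
        print(fam, signature(fam, spec, vocab))
    # An unseen engine_a-style variant with junk nops splitting some pairs.
    print(identify(["push", "nop", "mov", "xor", "nop", "jmp", "mov", "xor", "jmp", "ret"], spec, vocab))
    # A short benign-looking sequence: shares one edge with engine_b only.
    print(identify(["push", "mov", "call", "ret"], spec, vocab))
```

Lowering `min_support` makes the pattern set tolerant of variants in which junk instructions split a pair that the engine otherwise preserves; the `threshold` in `identify` decides when too few family patterns survive to name a family at all, which is what happens for the short benign-looking sequence at the end.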
dc.description.sponsorship | Scientific and Technological Research Council of Turkey (TUBITAK) / Turkiye Bilimsel ve Teknolojik Arastirma Kurumu (TUBITAK) [ARDEB-116E624] | en_US |
dc.description.sponsorship | This work was supported by the Scientific and Technological Research Council of Turkey (TUBITAK), Grant No: ARDEB-116E624. | en_US |
dc.identifier.doi | 10.1016/j.csi.2020.103443 | en_US |
dc.identifier.issn | 0920-5489 | |
dc.identifier.issn | 1872-7018 | |
dc.identifier.scopus | 2-s2.0-85083035434 | en_US |
dc.identifier.scopusquality | Q1 | en_US |
dc.identifier.uri | https://doi.org/10.1016/j.csi.2020.103443 | |
dc.identifier.uri | https://hdl.handle.net/11467/4474 | |
dc.identifier.volume | 71 | en_US |
dc.identifier.wos | WOS:000535159300005 | en_US |
dc.identifier.wosquality | Q2 | en_US |
dc.indekslendigikaynak | Web of Science | en_US |
dc.indekslendigikaynak | Scopus | en_US |
dc.language.iso | en | en_US |
dc.publisher | ELSEVIER | en_US |
dc.relation.ispartof | COMPUTER STANDARDS & INTERFACES | en_US |
dc.relation.publicationcategory | Article - International Peer-Reviewed Journal - Institutional Faculty Member | en_US |
dc.rights | info:eu-repo/semantics/closedAccess | en_US |
dc.subject | Metamorphic malware | en_US |
dc.subject | Malware detection | en_US |
dc.subject | Opcode graph | en_US |
dc.subject | Virus generation kits | en_US |
dc.subject | Static analysis | en_US |
dc.title | Metamorphic malware identification using engine-specific patterns based on co-opcode graphs | en_US |
dc.type | Article | en_US |