Eigenvalue analysis for metamorphic detection
作者: Sayali Deshpande , Younghee Park , Mark Stamp
DOI: 10.1007/S11416-013-0193-4
关键词:
摘要: Metamorphic malware changes its internal structure on each infection while maintaining function. Although many detection techniques have been proposed, practical and effective metamorphic remains a difficult challenge. In this paper, we analyze previously proposed eigenvector-based method for detection. The approach considered here was inspired by well-known facial recognition technique. We compute eigenvectors using raw byte data extracted from executables belonging to family. These are then used score collection of executable files that includes family viruses representative examples benign code. perform extensive testing determine the effectiveness classification method. Among other results, show eigenvalue-based is when applied highly code successfully evades statistical-based also experiment computing opcode sequences, as opposed sequences. Our experimental evidence indicates use sequences does not improve results.
springer.com
sci-hub.se 参考文章(30)
Min Zhao, Fangbin Ge, Tao Zhang, Zhijian Yuan, AntiMalDroid: An Efficient SVM-Based Malware Detection Framework for Android international conference on information computing and applications. pp. 158- 166 ,(2011) , 10.1007/978-3-642-27503-6_22
Lindsay I. Smith, A tutorial on Principal Components Analysis ,(2002)
Haruo Yanai, Kei Takeuchi, Yoshio Takane, Singular Value Decomposition (SVD) Springer, New York, NY. pp. 125- 149 ,(2011) , 10.1007/978-1-4419-9887-3_5
Wing Wong, Suneuy Kim, Sami Khuri, ANALYSIS AND DETECTION OF METAMORPHIC COMPUTER VIRUSES ,(2006)
Babak Bashari Rad, Suhaimi Ibrahim, Zalina Mohd Daud, Maslin Masrom, Morphing engines classification by code histogram ,(2011)
Peter Szor, The Art of Computer Virus Research and Defense ,(2005)
Sjsu ScholarWorks, Neha Runwal, Graph Technique For Metamorphic Virus Detection ,(2011)
Neha Runwal, Richard M. Low, Mark Stamp, Opcode graph similarity and metamorphic detection Journal of Computer Virology and Hacking Techniques. ,vol. 8, pp. 37- 52 ,(2012) , 10.1007/S11416-012-0160-5
Annie H. Toderici, Mark Stamp , Chi-squared distance and metamorphic virus detection Journal of Computer Virology and Hacking Techniques. ,vol. 9, pp. 1- 14 ,(2013) , 10.1007/S11416-012-0171-2
M.E. Saleh, A.B. Mohamed, A.A. Nabi, Eigenviruses for metamorphic virus recognition Iet Information Security. ,vol. 5, pp. 191- 198 ,(2011) , 10.1049/IET-IFS.2010.0136