Are current antivirus programs able to detect complex metamorphic malware? An empirical evaluation.
作者: Eric Filiol , Ludovic Mé , Jean-Marie Borello
DOI:
关键词:
摘要: In this paper, we present the design of a metamorphic engine representing type hurdle that antivirus systems need to get over in their ght against malware. First describe two steps en- gine replication process : obfuscation and modeling. Then, apply real worm evaluate current products detection ca- pacities. This assessment leads classication tools, based on observable behavior, main categories: rst one, rely- ing static techniques, presents low rates obtained by heuristic analysis. The second composed dynamic programs, focuses only elementary suspicious actions. Consequently, no appear reliably detect candidate malware after appli- cation engine. Through evaluation products, hope help defenders understand defend threat represented class
archives-ouvertes.fr
researchgate.net 参考文章(18)
Frank Tip, A survey of program slicing techniques. Journal of Programming Languages. ,vol. 3, ,(1995)
Ravi Sethi, Jeffrey D. Ullman, Alfred V. Aho, Compilers: Principles, Techniques, and Tools ,(1986)
Christian Collberg, Douglas Low, C. Thomborson, A Taxonomy of Obfuscating Transformations Department of Computer Science, The University of Auckland, New Zealand. ,(1997)
Danilo Bruschi, Lorenzo Martignoni, Mattia Monga, Detecting Self-mutating Malware Using Control-Flow Graph Matching Detection of Intrusions and Malware & Vulnerability Assessment. ,vol. 4064, pp. 129- 143 ,(2006) , 10.1007/11790754_8
Fred Cohen, Computer viruses Computers & Security. ,vol. 6, pp. 22- 35 ,(1987) , 10.1016/0167-4048(87)90122-2
Peter Szor, The Art of Computer Virus Research and Defense ,(2005)
Guillaume Bonfante, Matthieu Kaczmarek, Jean-Yves Marion, Architecture of a Morphological Malware Detector Journal in Computer Virology. ,vol. 5, pp. 263- 270 ,(2009) , 10.1007/S11416-008-0102-4
Noam Chomsky, On certain formal properties of grammars Information & Computation. ,vol. 2, pp. 137- 167 ,(1959) , 10.1016/S0019-9958(59)90362-6
Jean-Marie Borello, Ludovic Mé, Code obfuscation techniques for metamorphic viruses Journal in Computer Virology. ,vol. 4, pp. 211- 220 ,(2008) , 10.1007/S11416-008-0084-2
Andrew Walenstein, Rachit Mathur, Mohamed R. Chouchane, Arun Lakhotia, Normalizing Metamorphic Malware Using Term Rewriting source code analysis and manipulation. pp. 75- 84 ,(2006) , 10.1109/SCAM.2006.20