Static analysis for the detection of metamorphic computer viruses using repeated-instructions counting heuristics

Metamorphic viruses are particularly insidious because they change their form at each infection, which makes detection hard. Many techniques have been proposed to produce metamorphic malware, and many approaches have been explored to detect it. This paper introduces a detection technique that relies on the assumption that a side effect of the most common metamorphic engines is the dissemination of a high number of repeated instructions in the body of the virus program. We have evaluated our technique on a population of 1,000 programs, and the experimental outcomes indicate that it is accurate in classifying metamorphic viruses as well as viruses of other kinds. Virus writers often insert code from benign files in order to evade antivirus software; our technique is able to recognize a virus even if benign code is added to it.
