Signature-based detection relies on patterns present in viruses and provides a relatively simple and efficient method for detecting known viruses. At present, most anti-virus systems rely primarily on signature detection. Metamorphic viruses are one of the most difficult types of viruses to detect. Such viruses change their internal structure, which provides an effective means of evading signature detection. Previous work has provided a rigorous proof that a fairly simple metamorphic engine can generate viruses that will evade any signature-based detection. In this project, we first implement a metamorphic engine that is provably undetectable—in the sense of signature-based detection. We then show that, as expected, the resulting viruses are not detected by popular commercial anti-virus scanners. Finally, we analyze the same set of viruses using a previously developed approach based on hidden Markov models (HMM). This HMM-based technique easily detects the viruses.