Heuristic metamorphic malware detection based on statistics of assembly instructions using classification algorithms

The competition between malware creators and those who work on malware detection has led to the emergence and development of many techniques for both creation and detection. In recent years, metamorphic malware has become a serious challenge for antivirus developers. Signature- and heuristic-based techniques cannot offer complete solutions for detecting metamorphic malware, because such malware can rewrite itself from generation to generation without altering its functionality, which makes it difficult to detect. In this research, we introduce a new technique for detecting unknown malware based on counting assembly instructions. Statistics obtained from analysing different variables of a specific malware can be used as a signature. Accuracy, efficiency and fast performance must also be considered as important issues; so far, almost all the suggested methods lack some of these features. In the proposed method, however, speed is not a challenging issue, since extracting statistics from assembly code is a very fast process. Experiments on several malware samples and harmless programs showed that this method outperforms previous studies.
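The counting-and-classification pipeline the abstract describes, as an added illustration that is not the paper's own code: it extracts a normalised opcode-frequency histogram from objdump-style disassembly text and labels an unknown listing by the nearest class centroid under cosine similarity. The listings, class labels and instruction mixes below are constructed for the demonstration; the paper's actual feature set and classifier are not given on this page.

```python
import math
import re
from collections import Counter

# Mnemonic column of an objdump -d line, e.g.
#   "  401000:\t48 89 e5             \tmov    %rsp,%rbp"
_LINE_RE = re.compile(
    r"^\s*[0-9a-fA-F]+:\s+(?:[0-9a-fA-F]{2}\s)+\s*([a-z][a-z0-9.]*)")

def opcode_histogram(disasm: str) -> dict:
    # Relative frequencies: normalising by instruction count keeps variants
    # of different size (e.g. after junk-code insertion) comparable.
    counts = Counter()
    for line in disasm.splitlines():
        m = _LINE_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    total = sum(counts.values())
    return {op: n / total for op, n in counts.items()} if total else {}

def cosine(a: dict, b: dict) -> float:
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def centroid(hists: list) -> dict:
    """Mean histogram of a class; this acts as the statistical signature."""
    acc = Counter()
    for h in hists:
        acc.update(h)
    return {op: v / len(hists) for op, v in acc.items()}

def classify(sample: dict, centroids: dict) -> str:
    """Nearest-centroid rule: the label with the highest cosine similarity."""
    return max(centroids, key=lambda lbl: cosine(sample, centroids[lbl]))

def _listing(ops: list) -> str:
    # Constructed objdump-style text; one dummy byte per line is enough.
    return "\n".join(f"{0x401000 + i:x}:\t90\t{op}" for i, op in enumerate(ops))

# Constructed training data: two classes with different instruction mixes.
BENIGN = [_listing(["push", "mov", "mov", "call", "add", "pop", "ret"] * 3),
          _listing(["push", "mov", "sub", "call", "mov", "pop", "ret"] * 3)]
SUSPECT = [_listing(["nop", "xchg", "mov", "nop", "jmp", "xor", "nop"] * 3),
           _listing(["nop", "lea", "nop", "jmp", "xchg", "xor", "mov"] * 3)]
CENTROIDS = {"benign": centroid([opcode_histogram(s) for s in BENIGN]),
             "suspect": centroid([opcode_histogram(s) for s in SUSPECT])}
UNKNOWN = _listing(["nop", "nop", "xchg", "jmp", "mov", "xor", "nop", "lea"] * 4)
VERDICT = classify(opcode_histogram(UNKNOWN), CENTROIDS)  # "suspect"
```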
