The Effects of Different Representations on Static Structure Analysis of Computer Malware Signatures

The continuous growth of malware presents a problem for internet computing, both because of increasingly sophisticated techniques for disguising malicious code through mutation and because of the time required to identify signatures for use by antiviral software systems (AVS). Malware modelling has focused primarily on semantics, that is, on the intended actions and behaviours of viral and worm code. The aim of this paper is to evaluate a static structure approach to malware modelling using the growing malware signature databases now available. We show that, if malware signatures are represented as artificial protein sequences, it is possible to apply standard sequence alignment techniques from bioinformatics to improve the accuracy of distinguishing between worm and virus signatures. Moreover, aligned signature sequences can be mined with traditional data mining techniques to extract metasignatures that help to distinguish between viral and worm signatures. All bioinformatics and data mining analyses were performed with publicly available tools and Weka.
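The following is an added illustration of the representation idea described in the abstract, not code from the paper or its authors. It assumes a simple nibble-to-residue encoding (each hex nibble of a byte signature mapped to one of 16 amino-acid letters) and a basic Needleman-Wunsch global alignment with match/mismatch/gap scores of +1/-1/-2; the paper's actual encoding and alignment parameters are not stated here, so both are assumptions. The three signatures are constructed test data: a base signature, a variant with one inserted byte, and an unrelated byte string.

```python
"""Represent hex malware signatures as artificial protein sequences and
compare them with a bioinformatics-style global alignment (added example)."""

# Assumed encoding (not the paper's): each hex nibble 0-15 maps to one of
# 16 amino-acid letters, so every byte becomes two residues.
NIBBLE_TO_RESIDUE = "ACDEFGHIKLMNPQRS"

# Assumed scoring scheme; real analyses would use a substitution matrix.
MATCH, MISMATCH, GAP = 1, -1, -2


def hex_to_protein(hex_sig: str) -> str:
    """Turn a hex byte signature ("de ad be ef") into a residue string."""
    hex_sig = hex_sig.replace(" ", "").lower()
    if len(hex_sig) % 2 or any(c not in "0123456789abcdef" for c in hex_sig):
        raise ValueError("signature must be an even-length hex string")
    return "".join(NIBBLE_TO_RESIDUE[int(c, 16)] for c in hex_sig)


def needleman_wunsch(a: str, b: str):
    """Global alignment with linear gap penalty.

    Returns (score, aligned_a, aligned_b) where '-' marks a gap.
    """
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * GAP          # leading gaps in b
    for j in range(1, m + 1):
        score[0][j] = j * GAP          # leading gaps in a
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            sub = MATCH if a[i - 1] == b[j - 1] else MISMATCH
            score[i][j] = max(score[i - 1][j - 1] + sub,
                              score[i - 1][j] + GAP,
                              score[i][j - 1] + GAP)

    # Traceback from the bottom-right cell to recover one optimal alignment.
    i, j = n, m
    out_a, out_b = [], []
    while i > 0 or j > 0:
        sub = MATCH if i > 0 and j > 0 and a[i - 1] == b[j - 1] else MISMATCH
        if i > 0 and j > 0 and score[i][j] == score[i - 1][j - 1] + sub:
            out_a.append(a[i - 1]); out_b.append(b[j - 1]); i -= 1; j -= 1
        elif i > 0 and score[i][j] == score[i - 1][j] + GAP:
            out_a.append(a[i - 1]); out_b.append("-"); i -= 1
        else:
            out_a.append("-"); out_b.append(b[j - 1]); j -= 1
    return score[n][m], "".join(reversed(out_a)), "".join(reversed(out_b))


def signature_similarity(hex_a: str, hex_b: str) -> float:
    """Alignment score normalised by the longer sequence (1.0 = identical)."""
    pa, pb = hex_to_protein(hex_a), hex_to_protein(hex_b)
    score, _, _ = needleman_wunsch(pa, pb)
    return score / max(len(pa), len(pb))


# Constructed sample signatures (not real malware signatures).
SIG_BASE = "de ad be ef"
SIG_VARIANT = "de ad 00 be ef"      # same bytes with one byte inserted
SIG_UNRELATED = "01 23 45 67 89"

if __name__ == "__main__":
    for name, sig in (("variant", SIG_VARIANT), ("unrelated", SIG_UNRELATED)):
        s, ra, rb = needleman_wunsch(hex_to_protein(SIG_BASE), hex_to_protein(sig))
        print(f"{name:>9}: score={s:3d}  sim={signature_similarity(SIG_BASE, sig):.2f}")
        print(f"           {ra}\n           {rb}")
```

The variant aligns to the base signature with two gap columns and keeps a positive score, while the unrelated signature shares no residues and scores negatively; this is the kind of structural similarity that alignment exposes and that the abstract says can be mined for metasignatures.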
