Camouflage in Malware: from Encryption to Metamorphism

Summary: Camouflage of malware is a serious challenge for antivirus experts and code analysts. Malware uses various techniques to camouflage itself so that it is not easily visible and to make its lifetime as long as possible. Although camouflage approaches cannot fully stop analysis of and the fight against malware, they prolong the process of analysis and detection, so the malware gets more time to spread widely. It is very important for antivirus technologies to improve their products by shortening the detection procedure, not only the first time they face a new threat but also in future detections. In this paper, we intend to review the concept of camouflage in malware and its evolution from non-stealth days to modern metamorphism. Moreover, we explore the obfuscation techniques exploited by metamorphism, the most recent method in malware camouflage.
