Opcodes histogram for classifying metamorphic portable executables malware

Malware writers generate different shapes of the same malware to evade signature-based scanners. As the number of variants of a metamorphic malware increases, analysing every variant, selecting an appropriate signature and updating the antivirus database becomes more tiresome and time-consuming. Furthermore, for automatically generated metamorphic viruses, which use virus kits to produce different instances, it is sometimes not possible to analyse all of them. Therefore, classification methods that speed up the analysis process are necessary. In this paper, we show how the histogram of instruction opcodes can help classify the variants of a metamorphic virus family.
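The following is an added illustration of the opcode-histogram idea, not code from the paper. It assumes a disassembler has already produced the list of mnemonics for each sample; the opcode sequences, the `VOCAB` of counted mnemonics, the family names and the use of cosine similarity against a per-family centroid with a 0.9 acceptance threshold are all constructed here for the example, and are not the paper's method or data. The point it shows is that a metamorphic variant whose instruction order differs and which carries inserted junk instructions still lands very close to its family's histogram, while unrelated code does not.

```python
"""Opcode-frequency histogram as a feature for grouping metamorphic variants.

Added example (not the paper's code). The opcode lists below are constructed
by hand and stand in for the mnemonics a disassembler emits for the code
section of a PE file. Metamorphic engines usually change the instruction
*sequence* (junk insertion, reordering) but leave the relative *frequency*
of the core opcodes largely intact, which is why a normalised histogram is
a more stable feature than a byte signature.
"""
import math
from collections import Counter

# Assumed vocabulary of counted mnemonics; anything else is folded into "other".
VOCAB = ("mov", "push", "pop", "call", "ret", "jmp", "jz", "cmp",
         "xor", "add", "sub", "lea", "nop", "other")


def opcode_histogram(mnemonics):
    """Normalised opcode-frequency vector over VOCAB (entries sum to 1)."""
    counts = Counter(m if m in VOCAB else "other" for m in mnemonics)
    total = sum(counts.values())
    if total == 0:
        raise ValueError("empty instruction stream")
    return [counts[op] / total for op in VOCAB]


def cosine_similarity(a, b):
    """Cosine of the angle between two histograms; 1.0 means identical shape."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def family_centroid(variants):
    """Element-wise mean of the histograms of the known variants of one family."""
    hists = [opcode_histogram(v) for v in variants]
    return [sum(col) / len(hists) for col in zip(*hists)]


def classify(sample, centroids, threshold=0.9):
    """Nearest-centroid classification.

    Returns (family, score). family is None when no centroid is similar
    enough, so unrelated code is not forced into one of the known families.
    """
    hist = opcode_histogram(sample)
    best_family, best_score = None, 0.0
    for family, centroid in centroids.items():
        score = cosine_similarity(hist, centroid)
        if score > best_score:
            best_family, best_score = family, score
    return (best_family if best_score >= threshold else None), best_score


# Constructed stand-ins for disassembled code sections (not real malware).
FAMILY_A_V1 = ["push", "mov", "mov", "call", "pop", "ret",
               "jmp", "cmp", "jz", "xor", "mov"] * 5
# Metamorphic variant of A: same instructions reordered, with junk 'nop's inserted.
FAMILY_A_V2 = ["nop", "mov", "push", "mov", "call", "mov",
               "pop", "cmp", "jz", "xor", "jmp", "ret"] * 5
FAMILY_B_V1 = ["add", "lea", "mov", "xor", "add", "sub",
               "lea", "cmp", "jz", "xor"] * 5
# Unseen variant of A: reordered, three 'nop's and one out-of-vocabulary 'int3'.
UNKNOWN = (["mov", "nop", "push", "call", "mov", "pop", "int3",
            "mov", "jmp", "ret", "cmp", "jz", "xor"]
           + ["push", "mov", "mov", "call", "pop", "ret",
              "jmp", "cmp", "jz", "xor", "mov"] * 4
           + ["nop", "nop"])

CENTROIDS = {
    "family_a": family_centroid([FAMILY_A_V1, FAMILY_A_V2]),
    "family_b": family_centroid([FAMILY_B_V1]),
}

if __name__ == "__main__":
    family, score = classify(UNKNOWN, CENTROIDS)
    print(f"unknown sample -> {family} (cosine {score:.3f})")
    family, score = classify(["lea", "sub", "add"] * 10, CENTROIDS)
    print(f"unrelated code -> {family} (cosine {score:.3f})")
```

In a real pipeline the mnemonics would come from disassembling the executable's code section, the vocabulary would be the full instruction set seen across the corpus, and the threshold would be chosen from the distribution of within-family versus between-family similarities rather than fixed by hand.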
