• Corpus ID: 55244028

Camouflage in Malware: from Encryption to Metamorphism

  title={Camouflage in Malware: from Encryption to Metamorphism},
  author={Babak Bashari Rad and Maslin Masrom and Suhaimi Ibrahim},
Summary Camouflage of malware is a serious challenge for antivirus experts and code analysts. Malware use various techniques to camouflage them to not be easily visible and make their lifetime as longer as possible. Although, camouflage approaches cannot fully stop the analyzing and fighting against the malware, but it make the process of analyzing and detection prolonged, so the malware can get more time to widely spread. It is very important for antivirus technologies to improve their… 

Figures and Tables from this paper

Obfuscation procedure based on the insertion of the dead code in the crypter by binary search

This paper proposes a procedure that allows to apply the AVFUCKER, DSPLIT, and Binary Division techniques with the aim of optimizing the necessary technological resources, and reducing the time of analysis of the malware's functionality and the evasion of the antivirus.

Effective methods to detect metamorphic malware: a systematic review

Key challenges facing the detection of metamorphic malware include code obfuscation, lack of dynamic capabilities to analyse code and application difficulty, and key parameters such as dataset, detection rate (DR) and false positive rate (FPR).

Evolution and Detection of Polymorphic and Metamorphic Malwares: A Survey

A survey on malwares and its detection techniques is presented and it is shown that the recent advancement in second generation malWares can create variants and hence posed a challenge to anti-malwares developers.

The Devil ’ s Right Hand : An Investigation on Malware-oriented Obfuscation Techniques

The origins of obfuscation and its significance in malware design are looked at and why it is important to continuously investigate obfuscation techniques and why a means to measure their effectiveness in evading detection mechanisms is needed.

Obfuscation-based Malware Update: A comparison of Manual and Automated Methods

The procedure for malware updating is described to take obsolete malware that is already detectable by antiviruses, update it through obfuscation techniques and thus making it undetectable again, and an automatic solution is presented together with a comparison from the standpoint of cost and processing time.

A Survey on the Detection of Windows Desktops Malware

The survey conducted by us on the work done by the researchers in this field of malware detection is presented, and various techniques proposed/used for the detection of new or previously unseen Windows Desktops malware are presented.

Detecting and Classifying Morphed Malwares: A Survey

This paper presents a review on malware detection systems and the progress made in detecting advanced malwares which will serve as a reference to researchers interested in working on advance malware detection system.

Systems in Danger: A Short Review on Metamorphic Computer Viruses

This paper explores the common types of computer malwares and metamorphic computer viruses while reviewing the different techniques of metamorpho-malwares which are able to avoid detection.

Malware Detection and Evasion with Machine Learning Techniques : A Survey

A survey of existing researches regarding to malware detection and evasion is made by examining possible scenarios where malware could take advantage of machine learning and cryptography to improve its evasion techniques and infection impact.

Chapter 7 Static Detection of Malware

  • Computer Science
  • 2018
This chapter considers techniques that are static, in the sense that they are based on investigating the code rather than a running system, to understand the extent to which the successes of static malware detection can transfer to this case.



Obfuscation: The Hidden Malware

Obfuscation is one of the latest strategies to camouflage the telltale signs of malware, undermine antimalware software, and thwart malware analysis.

Mechanisms of Polymorphic and Metamorphic Viruses

The structural mechanisms of both polymorphic and metamorphic viruses will be presented and discussed in this paper and the new complex computer viruses such as W32/Fujacks and W34/Vundo were researched as well.

Malware Obfuscation Techniques: A Brief Survey

  • I. YouKangbin Yim
  • Computer Science
    2010 International Conference on Broadband, Wireless Computing, Communication and Applications
  • 2010
The malware obfuscation techniques are explored while reviewing the encrypted, oligomorphic, polymorphic and metamorphic malwares which are able to avoid detection.

The Design Space of Metamorphic Malware

A design space is presented for metamorphic malware, the class of malicious self-replicating programs that are able to transform their own code when replicating, which provides effective nomenclature for classifying and comparing malware and scanners.

Deobfuscation of virtualization-obfuscated software: a semantics-based approach

This paper proposes a different approach to the problem that focuses on identifying instructions that affect the observable behavior of the obfuscated code, and aims to complement existing techniques by broadening the domain of obfuscated programs eligible for automated analysis.

Metamorphic Virus Variants Classification Using Opcode Frequency Histogram

The aim of this study is to show that for some particular obfuscation methods, the presented solution can be exploited to detect morphed varieties of a file and can be utilized by non-string based signature scanning to identify whether a file is a version of a metamorphic virus or not.

Detecting Obfuscated Viruses Using Cosine Similarity Analysis

This work uses the cosine similarity function to compare two files based on static analysis of the portable executable (PE) format and shows that for certain evasion techniques, it is possible to identify polymorphic/metamorphic versions of filesbased on cosine similarities.

Impeding Malware Analysis Using Conditional Code Obfuscation

This work has implemented a compiler-level tool that takes a malware source program and automatically generates an obfuscated binary and provides insight into the strengths, weaknesses, and possible ways to strengthen current analysis approaches in order to defeat this malware obfuscation technique.

Unpacking virtualization obfuscators

This work provides a novel technique for circumventing one of the most problematic features of modern software protections, so-called virtualization obfuscation, and enables analysis of heretofore impenetrable malware.

Are Metamorphic Viruses Really Invincible?

The Achilles' heel of a metamorphic virus is identified and it is found that in order to mutate its code, generations after generations, a met morphic virus must analyze its own code.