Eigenviruses for metamorphic virus recognition

  title={Eigenviruses for metamorphic virus recognition},
  author={Mostafa E. Saleh and A. Baith Mohamed and A. Abdel Nabi},
  journal={IET Inf. Secur.},
Metamorphic virus recognition is the most challenging task for antivirus software, because such viruses are the hardest to detect as they change their appearance and structure on each new infection. In this study, the authors present an effective system for metamorphic virus recognition based on statistical machine learning techniques. The authors approach has successfully scored high detection rate for tested metamorphic virus classes and very low false-positive errors. The system is also able… 

Figures and Tables from this paper

Static analysis for the detection of metamorphic computer viruses using repeated-instructions counting heuristics
A detection technique that relies on the assumption that a side effect of the most common metamorphic engines is the dissemination of a high number of repeated instructions in the body of the virus program to recognize virus even if benign code is added to it is introduced.
Eigenvalue analysis for metamorphic detection
This paper analyzes a previously proposed eigenvector-based method for metamorphic detection that was inspired by a well-known facial recognition technique and shows that this eigenvalue-based approach is effective when applied to a family of highly meetamorphic code that successfully evades statistical-based detection.
Metamorphic Detection Using Singular Value Decomposition
This research applies a score based on Singular Value Decomposition (SVD) to the problem of metamorphic detection, a linear algebraic technique which is applicable to a wide range of problems, including facial recognition.
Singular value decomposition and metamorphic detection
A score based on Singular Value Decomposition (SVD) is applied to the challenging problem of metamorphic detection, and a strategy to defeat such a detection scheme is outlined.
Metamorphic virus detection using feature selection techniques
  • Jikku Kuriakose, P. Vinod
  • Computer Science
    2014 International Conference on Computer and Communication Technology (ICCCT)
  • 2014
In this article, a non-signature based statistical scanner for metamorphic malware detection, employing feature ranking methods like Term Frequency-Inverse Document Frequency-Class Frequency
Metamorphic Malware Detection Using Code Metrics
A technique for detecting metamorphic viruses is proposed that is based on identifying specific features of the assembly code, such as the instructions that change the contents of the registers, the instructions to change the control flow, and the potential code fragmentation.
Obfuscated computer virus detection using machine learning algorithm
This research proposed an alternative approach to the traditional signature based detection method and investigated the use of machine learning technique for obfuscated computer virus detection and results show that current computer virus defense can be strengthening through machine learning approach.
An entropy-based distance measure for analyzing and detecting metamorphic malware
A new measure of distance between two computer programs called program dissimilarity measure based on entropy (PDME) is introduced and it is demonstrated that the measure can indicate the degree of metamorphism efficiently, and the KNN classification method using PDME can classify the metamorphic malware with a high precision.
Optimal Features for Metamorphic Malware Detection
This chapter discusses different types of malware and presents a proposed method employing machine learning techniques for the detection of metamorphic malware, demonstrating that appropriately selecting prominent features could improve the classification accuracy.
Ranked linear discriminant analysis features for metamorphic malware detection
A novel approach using Linear Discriminant Analysis (LDA) to rank and synthesize most prominent opcode bi-gram features for identifying unseen malware and benign samples is proposed and reveals that the current method could be employed to improve the detection rate of existing malware scanner available in public.


Hunting for metamorphic engines
A similarity index is defined and used to precisely quantify the degree of metamorphism that each generator produces, and a detector based on hidden Markov models and a simpler detection method based on the authors' similarity index are presented.
Computer virus-antivirus coevolution
The polymorphic virus avoids detection by mutating itself each time it infects a new program; each mutated infection is capable of performing the same tasks as its parent, yet it may look entirely different.
In this paper the authors will examine metamorphic engines to provide a better general understanding of the problem that the authors are facing and provide detection examples of some of the meetamorphic viruses.
Detecting Metamorphic viruses by using Arbitrary Length of Control Flow Graphs and Nodes Alignment
This study proposes an efficient and novel method based on arbitrary length of control flow graphs (ALCFG) and similarity of the aligned ALCFG matrix that shows that all the generated metamorphic viruses can be detected by using the suggested approach.
Code obfuscation techniques for metamorphic viruses
It is proved that reliable static detection of a particular category of metamorphic viruses is an $${\mathcal{NP}}$$-complete problem.
Imposing order on program statements to assist anti-virus scanners
The method, called a "zeroing transformation," reduces the number of possible variants of a program created by reordering statement, reshaping expression, and renaming variable, and further reduction can be expected by undoing other transformations.
The Art of Computer Virus Research and Defense
Unlike most books on computer viruses, The Art of Computer Virus Research and Defense is a reference written strictly for white hats: IT and security professionals responsible for protecting their organizations against malware.
Biological Sequence Analysis: Probabilistic Models of Proteins and Nucleic Acids
This book gives a unified, up-to-date and self-contained account, with a Bayesian slant, of such methods, and more generally to probabilistic methods of sequence analysis.
Malware Normalization
This paper describes the design and implementation of a malware normalizer that undoes the obfuscations performed by a malware writer and demonstrates that a malwarenormalizer can drastically improve detection rates of commercial malware detectors.
Eigenfaces for Recognition
A near-real-time computer system that can locate and track a subject's head, and then recognize the person by comparing characteristics of the face to those of known individuals, and that is easy to implement using a neural network architecture.