CORR
2011
Springer

Metamorphic Virus Variants Classification Using Opcode Frequency Histogram

Abstract: In order to prevent detection and evade signature-based scanning methods, which are normally exploited by antivirus software, metamorphic viruses use various obfuscation approaches. They transform their code so that new instances look entirely or partly different and contain dissimilar sequences of strings, but their behavior and function remain unchanged. This obfuscation process allows them to stay away from string-based signature detection. In this research, we use a statistical technique to compare the similarity between two files infected by two morphed versions of a given metamorphic virus. Our proposed solution is based on static analysis and uses the histogram of machine instruction frequency in various offspring of obfuscated viruses. We use the Euclidean histogram distance metric to compare a pair of portable executable (PE) files. The aim of this study is to show that for some particular obfuscation methods, the presented solution can be exploited to detect ...
Babak Bashari Rad, Maslin Masrom
Added 16 May 2011
Updated 16 May 2011
Type Journal
Year 2011
Where CORR
Authors Babak Bashari Rad, Maslin Masrom