Title :
MARD: A Framework for Metamorphic Malware Analysis and Real-Time Detection
Author :
Alam, Shahinur ; Horspool, R. Nigel ; Traore, Issa
Author_Institution :
Dept. of CS, Univ. of Victoria, Victoria, BC, Canada
Abstract :
Because of the financial and other gains attached with the growing malware industry, there is a need to automate the process of malware analysis and provide real-time malware detection. To hide a malware, obfuscation techniques are used. One such technique is metamorphism encoding that mutates the dynamic binary code and changes the opcode with every run to avoid detection. This makes malware difficult to detect in real-time and generally requires a behavioral signature for detection. In this paper we present a new framework called MARD for Metamorphic Malware Analysis and Real-Time Detection, to protect the end points that are often the last defense, against metamorphic malware. MARD provides: (1) automation (2) platform independence (3) optimizations for real-time performance and (4) modularity. We also present a comparison of MARD with other such recent efforts. Experimental evaluation of MARD achieves a detection rate of 99.6% and a false positive rate of 4%.
Keywords :
binary codes; digital signatures; encoding; invasive software; real-time systems; MARD; behavioral signature; dynamic binary code; malware analysis process automation; malware industry; metamorphic malware analysis and real-time detection; metamorphism encoding; obfuscation techniques; opcode; Malware; Optimization; Pattern matching; Postal services; Real-time systems; Runtime; Software; Automation; Control Flow Analysis; End Point Security; Malware Analysis and Detection; Metamorphism;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2014 IEEE 28th International Conference on
Conference_Location :
Victoria, BC
Print_ISBN :
978-1-4799-3629-8
DOI :
10.1109/AINA.2014.59
