Title :
Combining register value analysis with similarity based technique for metamorphic malware detection
Author_Institution :
Dept. of Comput. Sci. & Eng., Ambedkar Inst. of Adv. Commun. Technol. & Res., New Delhi, India
Abstract :
Metamorphic malware is one of the most deceiving categories of malware, inspired by the natural phenomenon of camouflaging. The variation occurs in appearance only, without interfering with the core element or properties of the subject. It is implemented by utilizing simple code obfuscation techniques like dead code, sequence reordering etc. Nevertheless, Anti-Virus (AV) companies are struggling to tackle this strategy of malware writers due to incompetent syntactic signature pattern based detection. This paper discusses the feasibility of malware evasion from detectors, and a comparative study of detection methods to deal with metamorphic malware, such as Zero transform, Hidden Markov Model, semantic analysis etc., is presented. In this paper, I propose an approach for combining value analysis of registers with other similarity based techniques for improved rate of detection with reduced false negatives.
Keywords :
hidden Markov models; invasive software; transforms; AV companies; antivirus companies; code obfuscation techniques; false negative reduction; hidden Markov model; malware evasion; malware writers; metamorphic malware detection; register value analysis; semantic analysis; similarity based technique; syntactic signature pattern-based detection; zero transform; Automata; Cryptography; Hidden Markov models; Malware; Reactive power; Registers; Transforms; Code obfuscation; Cyber Security; Detection techniques; Malware; Metamorphic malwares;
Conference_Title :
Signal Propagation and Computer Technology (ICSPCT), 2014 International Conference on
Conference_Location :
Ajmer
Print_ISBN :
978-1-4799-3139-2
DOI :
10.1109/ICSPCT.2014.6884974