MOMENTUM: MetamOrphic malware exploration techniques using MSA signatures

Author

Vinod, P. ; Laxmi, V. ; Gaur, M.S. ; Chauhan, Grijesh

Author_Institution

Dept. of Comput. En, Malaviya Nat. Inst. of Technol., Jaipur, India

fYear

2012

fDate

18-20 March 2012

Firstpage

232

Lastpage

237

Abstract

Modern malware that are metamorphic or polymorphic in nature mutate their code by employing code obfuscation and encryption methods to thwart detection. Thus, conventional signature based scanners fail to detect these malware. In order to address the problems of detecting known variants of metamorphic malware, we propose a method using bioinformatics techniques effectively used for Protein and DNA matching. Instead of using exact signature matching methods, more sophisticated signature(s) are extracted using multiple sequence alignment (MSA). The results show that the proposed method is capable of identifying malware variants with minimum false alarms and misses. Also, the detection rate achieved with our proposed method is better compared to commercial antivirus products used in the study.

Keywords

DNA; biocomputing; bioinformatics; cryptography; digital signatures; invasive software; proteins; DNA matching; MOMENTUM; MSA signatures; antivirus products; bioinformatics techniques; code obfuscation; encryption methods; metamorphic malware exploration techniques; multiple sequence alignment; protein matching; signature based scanners; signature matching methods; Bioinformatics; DNA; Engines; Malware; Phylogeny; Probabilistic logic; Training; bioinformatics; metamorphic malware; multiple sequence alignment; sequence alignment;

fLanguage

English

Publisher

ieee

Conference_Titel

Innovations in Information Technology (IIT), 2012 International Conference on

Conference_Location

Abu Dhabi

Print_ISBN

978-1-4673-1100-7

Type

conf

DOI

10.1109/INNOVATIONS.2012.6207739

Filename

6207739