DocumentCode :
3418008
Title :
Detecting metamorphic malware by using behavior-based aggregated signature
Author :
Yanzhen Qu ; Hughes, Kit
Author_Institution :
Sch. of Comput. Sci., Colorado Tech. Univ., Colorado Springs, CO, USA
fYear :
2013
fDate :
9-12 Dec. 2013
Firstpage :
13
Lastpage :
18
Abstract :
The capabilities of advanced malware, such as metamorphic malware and polymorphic malware, are quickly outpacing our current abilities to detect their presence. For example, all current signature-based malware-detection methods have become ineffective because they only create signatures based on the executable files that will be obfuscated by every instance of advanced malware. However, behavior is a characteristic in advanced malware that remains consistent throughout variants within a family of malware. We have capitalized upon this to create an aggregated signature for a family of malware. Creating a signature that spans a malware family allows it to identify known and new variants of that family. Using an aggregated signature versus many signatures for each variant for detection of malware provides many benefits to anti-virus vendors and the community as a whole by reducing the size of the signature database, reducing maintenance, and increasing speed of detection without losing accuracy.
Keywords :
digital signatures; invasive software; advanced malware; antivirus vendors; behavior-based aggregated signature; metamorphic malware detection method; polymorphic malware; signature database size; Analytical models; Data models; Generators; Logistics; Malware; Software; aggregated signature; detection; metamorphic malware; polymorphic malware; signature;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Internet Security (WorldCIS), 2013 World Congress on
Conference_Location :
London
Type :
conf
DOI :
10.1109/WorldCIS.2013.6751010
Filename :
6751010