Title :
Heuristic metamorphic malware detection based on statistics of assembly instructions using classification algorithms
Author :
Peyman Khodamoradi;Mahmood Fazlali;Farhad Mardukhi;Masoud Nosrati
Author_Institution :
Department of Computer Engineering, Kermanshah Branch, Islamic Azad University, Iran
Abstract :
The competition between malware creators and those who work on malware detection has led to the emergence and development of multifarious techniques for both creation and detection. In recent years, metamorphic malware has become a serious challenge for antivirus programmers. Signature and heuristic based techniques cannot offer plenary solutions for detection of metamorphic malware, because such malware can reconstruct itself from generation to generation without destroying its functions. This causes difficulty in detecting it. In this research, we introduce a new technique for detecting unknown malware based on counting the assembly instructions. Statistics obtained from analysis of different variables of a specific malware can be utilized as a signature. Accuracy, efficiency and fast performance must also be considered important issues. So far, some of these features have been lacking in almost all the suggested methods. In the proposed method, however, speed is not a challenging issue, since the extraction of statistics from assembly code is a very fast process. Experiments on several malware samples and harmless programs indicated the superiority of this method over previous studies.
Keywords :
"Feature extraction","Malware","Registers","Systems architecture","Analytical models","Time measurement"
Conference_Title :
Computer Architecture and Digital Systems (CADS), 2015 18th CSI International Symposium on
DOI :
10.1109/CADS.2015.7377792