Metamorphic Malware Detection Using Code Metrics by Gerardo Canfora, Francesco Mercaldo, Corrado Aaron Visaggio, Paolo Di Notte

Published 04 Aug 2014, 04:57 by Gerardo Canfora [ updated 05 Jan 2015, 13:41 ]
Malware is becoming more and more aggressive, and new techniques are emerging that allow malicious code to evade detection by antivirus products. Metamorphic malware is a particularly insidious kind of virus that changes its form at each infection. In this article, a technique for detecting metamorphic viruses is proposed that is based on identifying specific features of the assembly code, such as the instructions that change the contents of the registers, the instructions that change the control flow, and the potential code fragmentation. These features have been derived from the analysis of a large dataset of malware. The experimentation suggests that the proposed technique achieves very high precision (over 97%) in recognizing metamorphic malware, and also allows different families of malware to be distinguished.
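As an added illustration of the kind of code metrics the abstract describes (example code, not the paper's own implementation), the following Python extracts register-change, control-flow and fragmentation counts from constructed x86 listings; the instruction classes and the fragmentation heuristic are assumptions for this example, not the paper's definitions.

```python
import re

LABEL_RE = re.compile(r"^\w+:\s*")
REGISTERS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
# Instruction classes are an assumption for this example; the paper derives its own feature set
REGISTER_WRITERS = {"mov", "xor", "add", "sub", "inc", "dec", "lea", "pop", "and", "or", "shl", "shr"}
CONTROL_FLOW = {"jmp", "call", "ret", "je", "jne", "jz", "jnz", "jg", "jl", "loop"}
UNCONDITIONAL = {"jmp", "ret"}

# Constructed listings (not from the paper): a jump-heavy, fragmented block and a straight-line one
FRAGMENTED_ASM = """
    mov eax, 1
    push ebx
    jmp L2        ; unconditional transfer splits the code into fragments
L1: xor ecx, ecx
    add eax, ecx
    ret
L2: cmp eax, 0
    jne L1
    pop ebx
    call L1
    nop
"""
STRAIGHT_ASM = "mov eax, 1\nadd eax, 2\nmov ebx, eax\nret\n"

def parse(listing):
    """Return (mnemonic, first_operand) per instruction, dropping labels, comments and blanks."""
    instrs = []
    for raw in listing.splitlines():
        line = LABEL_RE.sub("", raw.split(";")[0].strip())
        if not line:
            continue
        parts = line.split(None, 1)
        mnem = parts[0].lower()
        first = parts[1].split(",")[0].strip().lower() if len(parts) > 1 else ""
        instrs.append((mnem, first))
    return instrs

def code_metrics(listing):
    """Feature vector in the spirit of the paper: register writes, control-flow transfers, fragmentation."""
    instrs = parse(listing)
    n = len(instrs)
    reg_changes = sum(1 for m, op in instrs if m in REGISTER_WRITERS and op in REGISTERS)
    transfers = sum(1 for m, _ in instrs if m in CONTROL_FLOW)
    # Heuristic: a fragment boundary is an unconditional transfer with more code after it
    fragments = 1 + sum(1 for i, (m, _) in enumerate(instrs) if m in UNCONDITIONAL and i < n - 1)
    return {"instructions": n, "register_changes": reg_changes, "control_flow": transfers,
            "fragments": fragments, "register_ratio": reg_changes / n if n else 0.0,
            "control_flow_ratio": transfers / n if n else 0.0}

if __name__ == "__main__":
    for name, asm in (("fragmented", FRAGMENTED_ASM), ("straight", STRAIGHT_ASM)):
        print(name, code_metrics(asm))
```

Feature vectors like these would feed a classifier trained on labelled samples; the thresholds and family signatures are what the paper's dataset analysis supplies.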
Information Security Journal: A Global Perspective 23(3): 57-67 (2014)
