Preprints‎ > ‎

Static analysis for the detection of metamorphic computer viruses using repeated-instructions counting heuristics by Gerardo Canfora, Antonio Nicolò Iannaccone, Corrado Aaron Visaggio

pubblicato 01 ago 2013, 14:20 da Gerardo Canfora   [ aggiornato in data 24 feb 2014, 14:22 ]
Metamorphic viruses are particularly insidious as they change their form at each infection, thus making detection hard. Many techniques have been proposed to produce metamorphic malware, and many approaches have been explored to detect it. This paper introduces a detection technique that relies on the assumption that a side effect of the most common metamorphic engines is the dissemination of a high number of repeated instructions in the body of the virus program. We have evaluated our technique on a population of 1000 programs and the experimentation outcomes indicate that it is accurate in classifying metamorphic viruses and viruses of other nature, too. Virus writers use to introduce code from benign files in order to evade antivirus; our technique is able to recognize virus even if benign code is added to it.
Journal of Computer Virology and Hacking Techniques - 10(1): 11-27 (2014)
Gerardo Canfora,
01 ago 2013, 14:22