Metamorphic Malware Detection Using Code Metrics
Mercaldo F.
2014-01-01
Abstract
Malware is becoming more and more aggressive, and new techniques are emerging that allow malicious code to evade detection by antivirus products. Metamorphic malware is a particularly insidious kind of virus that changes its form at each infection. In this article, a technique for detecting metamorphic viruses is proposed that is based on identifying specific features of the assembly code, such as the instructions that change the contents of the registers, the instructions that change the control flow, and the potential code fragmentation. These features have been derived from the analysis of a large dataset of malware. The experimentation suggests that the proposed technique produces very high precision (over 97%) in recognizing metamorphic malware, and also allows for distinguishing among different families of malware.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.