Hunting for metamorphic engines

Hunting for metamorphic engines
Mark Stamp, Wing Wong

Citation
Mark Stamp, Wing Wong. "Hunting for metamorphic engines". Journal in Computer Virology, 2(3):211-229, December 2006.

Abstract
In this paper, we analyze several metamorphic virus generators. We define a similarity index and use it to precisely quantify the degree of metamorphism that each generator produces. Then we present a detector based on hidden Markov models and we consider a simpler detection method based on our similarity index. Both of these techniques detect all of the metamorphic viruses in our test set with extremely high accuracy. In addition, we show that popular commercial virus scanners do not detect the highlymetamorphic virus variants in our test set.

Electronic downloads

hunting.pdf · application/pdf · 787 kbytes

Citation formats

HTML

Mark Stamp, Wing Wong. <a
href="http://www.truststc.org/pubs/237.html"
>Hunting for metamorphic engines</a>,
<i>Journal in Computer Virology</i>,
2(3):211-229, December 2006.

Plain text

Mark Stamp, Wing Wong. "Hunting for metamorphic
engines". <i>Journal in Computer
Virology</i>, 2(3):211-229, December 2006.

BibTeX

@article{StampWong06_HuntingForMetamorphicEngines,
    author = {Mark Stamp and Wing Wong},
    title = {Hunting for metamorphic engines},
    journal = {Journal in Computer Virology},
    volume = {2},
    number = {3},
    pages = {211-229},
    month = {December},
    year = {2006},
    abstract = {In this paper, we analyze several metamorphic
              virus generators. We define a similarity index and
              use it to precisely quantify the degree of
              metamorphism that each generator produces. Then we
              present a detector based on hidden Markov models
              and we consider a simpler detection method based
              on our similarity index. Both of these techniques
              detect all of the metamorphic viruses in our test
              set with extremely high accuracy. In addition, we
              show that popular commercial virus scanners do not
              detect the highlymetamorphic virus variants in our
              test set.},
    URL = {http://www.truststc.org/pubs/237.html}
}

Posted by Mark Stamp on 23 Mar 2007.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.