Internet Archive Scholar

Classification and detection of metamorphic malware using value set analysis

Felix Leder, Bastian Steinbock, Peter Martini
2009 2009 4th International Conference on Malicious and Unwanted Software (MALWARE)  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (235.8 kB)
https://web.archive.org/web/20120712172228/http://net.cs.uni-bonn.de/fileadmin/user_upload/leder/metamorphvsa.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2012; you can also visit the original URL. The file type is application/pdf.

Metamorphic malware changes the structure of its code from infection to infection. This makes it very hard to classify or to detect. While the byte-sequence of two variants may be completely different, the core functionality of the malware has to stay the same. This includes the use of flags and constants that have to be consistent at specific points. We present a novel approach that allows us to detect metamorphic variants. Based on this detection, it is also possible to classify new samples
more » ... a metamorphic family. Our approach identifies variants by tracking the use of consistent values throughout the malware. Our evaluation shows a 100% detection rate with 0 false positives for all metamorphic samples that do not change their behavior.
doi:10.1109/malware.2009.5403019 dblp:conf/malware/LederSM09 fatcat:2slzikex3vgo7oznu24qundtde
Citation

Felix Leder, Bastian Steinbock, Peter Martini. "Classification and detection of metamorphic malware using value set analysis." 2009 4th International Conference on Malicious and Unwanted Software (MALWARE) (2009) 39-46