Classification and detection of metamorphic malware using value set analysis

3 Author(s)
Felix Leder ; University of Bonn, Institute of Computer Science IV, Roemerstr. 164, 53117, Germany ; Bastian Steinbock ; Peter Martini

Metamorphic malware changes the structure of its code from infection to infection. This makes it very hard to classify or to detect. While the byte-sequence of two variants may be completely different, the core functionality of the malware has to stay the same. This includes the use of flags and constants that have to be consistent at specific points. We present a novel approach that allows us to detect metamorphic variants. Based on this detection, it is also possible to classify new samples to a metamorphic family. Our approach identifies variants by tracking the use of consistent values throughout the malware. Our evaluation shows a 100% detection rate with 0 false positives for all metamorphic samples that do not change their behavior.

Published in: Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on

Date of Conference: 13-14 Oct. 2009