Morphing engines classification by code histogram

Babak Bashari Rad, and Maslin Masrom, and Suhaimi Ibrahim, and Zalina Mohd Daud, (2011) Morphing engines classification by code histogram. In: Symposium on Information & Computer Sciences (1st).

[img]
Preview
Text
ICS2011_03.pdf

Download (138kB) | Preview

Abstract

Morphing engines or mutation engines are exploited by metamorphic virus to change the code appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques try to convert the binary sequence of the code, in some techniques, the statistical feature of the code binaries will be still remain unchanged, relatively. Accordingly, this feature can be utilized to classify the engine and detect the morphed virus code. In this article, we are going to introduce a new idea to classify the obfuscation engines based on their code statistical feature using the histogram comparison.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Authors are affiliated to Universiti Teknologi Malaysia.
Uncontrolled Keywords: Computer virus; Malware; Morphing Engines; Obfuscation engines; Mutation Engine; Metamorphic virus; Code histogram; Histogram comparison
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Others > Non Sunway Academics
Depositing User: Administrator Admin
Date Deposited: 16 Oct 2012 03:49
Last Modified: 09 May 2013 02:56
URI: http://eprints.sunway.edu.my/id/eprint/94

Actions (login required)

View Item View Item