A Novel Malware Variants Detection Method Based On Function-call Graph
Code obfuscation plays a significant role in metamorphic malware. Moreover, identifying a metamorphic malware variant is a challenging task, because its obfuscation engine can easily generate various variants with different forms while maintaining the same functionality to escape detection. This paper presents a novel approach to recognize metamorphic malware based on programs' function-call graphs. Graph-coloring and cosine similarity techniques are used to measure the similarity of two programs on the basis of their function-call graphs. Experimental results have shown that the proposed method can accurately detect the metamorphic malware variants.
malware; graph-coloring; function-matching
Lingfei Wu, Ming Xu, Jian Xu, Ning Zheng, Haiping Zhang
Institute of Computer Application Technology, Hangzhou Dianzi University, Hangzhou, China, 310018
International conference
Chongqing
English
828-832
2011-08-20 (date first made available online on the Wanfang platform; not the paper's publication date)