Detecting Encrypted Metamorphic Viruses by Hidden Markov Models
Virus writers make their viruses undetectable by using obfuscation methods, which results in metamorphic viruses. We propose a method named detection circle, which is based on hidden Markov model theory. We have used three elements to characterize a family of viruses: string occurrence probability, specifically-located character occurrence probability, and the amount of virus similarities. For the evaluation, we have created viruses and tested them with our method and four anti-virus software packages. The experimental results show that our detection rate was much higher in the first stage, without obfuscation. Then we have encrypted the detected viruses and tested the proposed algorithm again. At this stage none of the four anti-virus software packages detected the viruses, while our method found 70% of them.
Keywords: malware, metamorphic virus, hidden Markov model, obfuscation
Fereidoon Rezaei, Masoud Khalil Nezhad, Saeid Rezaei, Ali Payandeh
Kish International Campus, Tehran University, Tehran, Iran; Karaj Branch, Islamic Azad University, Karaj, Iran; Dep. of Computer Science, Kharazmi University, Tehran, Iran; Dep. of Information and Communication Technology, Malekeashtar University, Tehran, Iran
Type: international conference
Location: Xiamen
Language: English
Pages: 985-989
2014-08-19 (date first posted on the Wanfang platform; not the paper's publication date)