A highly metamorphic virus generator. (29th March 2011)
- Record Type:
- Journal Article
- Title:
- A highly metamorphic virus generator. (29th March 2011)
- Main Title:
- A highly metamorphic virus generator
- Authors:
- Desai, Priti
Stamp, Mark
- Abstract:
- Metamorphic viruses modify their code to produce viral copies that are syntactically different from their parents. The viral copies have the same functionality as the parent but typically have no common signature. This makes signature-based virus scanners ineffective for detecting metamorphic viruses. But machine learning tools such as Hidden Markov Models (HMMs) have proven effective at detecting metamorphic viruses. Previous research has shown that most metamorphic generators do not produce a significant degree of metamorphism. In this project, we develop a metamorphic engine that yields highly diverse morphed copies of a base virus. We show that our metamorphic engine easily defeats commercial virus scanners. We then show that, perhaps surprisingly, HMM-based detection is effective against our highly metamorphic viruses. We conclude with a discussion of possible improvements to our generator that might enable it to defeat statistical-based detection methods, such as those that rely on HMMs.
- Is Part Of:
- International journal of multimedia intelligence and security. Volume 1:Number 4(2010)
- Journal:
- International journal of multimedia intelligence and security
- Issue:
- Volume 1:Number 4(2010)
- Issue Display:
- Volume 1, Issue 4 (2010)
- Year:
- 2010
- Volume:
- 1
- Issue:
- 4
- Issue Sort Value:
- 2010-0001-0004-0000
- Page Start:
- 402
- Page End:
- 427
- Publication Date:
- 2011-03-29
- Subjects:
- metamorphic viruses -- hidden Markov model -- HMM -- anti-virus scanning -- viral copies -- machine learning -- virus scanners
Security systems -- Periodicals
Data protection -- Periodicals
Computer security -- Periodicals
Biometric identification -- Periodicals
005.8
- Journal URLs:
- http://www.inderscience.com/browse/index.php?journalID=359
http://www.inderscience.com/
- Languages:
- English
- ISSNs:
- 2042-3462
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 8836.xml