Mark Stamp scite author profile

In this paper, we analyze several metamorphic virus generators. We define a similarity index and use it to precisely quantify the degree of metamorphism that each generator produces. Then we present a detector based on hidden Markov models and we consider a simpler detection method based on our similarity index. Both of these techniques detect all of the metamorphic viruses in our test set with extremely high accuracy. In addition, we show that popular commercial virus scanners do not detect the highly metamorphic virus variants in our test set.

show abstract

A Revealing Introduction to Hidden Markov Models

Stamp¹

2017

108

242

View full text Add to dashboard Cite

show abstract

A comparison of static, dynamic, and hybrid analysis for malware detection

Damodaran

Troia

Visaggio

et al. 2015

J Comput Virol Hack Tech

339

139

View full text Add to dashboard Cite

Hunting for undetectable metamorphic viruses

2010

View full text Add to dashboard Cite

Hunting for Undetectable Metamorphic Viruses by Da LinCommercial anti-virus scanners are generally signature based, that is, they scan for known patterns to determine whether a file is infected by a virus or not. To evade signature-based detection, virus writers have adopted code obfuscation techniques to create highly metamorphic computer viruses. Since metamorphic viruses change their appearance from generation to generation, signature-based scanners cannot detect all instances of such viruses.To combat metamorphic viruses, detection tools based on statistical analysis have been studied.A tool based on hidden Markov models (HMMs) was previously developed and the results are encouraging-it has been shown that metamorphic viruses created by a well-designed metamorphic engine can be detected using an HMM.In this project, we explore whether there are any exploitable weaknesses in this HMM-based detection approach. We create a highly metamorphic virus generating tool designed specifically to evade HMM-based detection. We then test our engine, showing that we can generate viral copies that cannot be detected using previously-developed HMM-based detection techniques.Finally, we consider possible defenses against our approach.-3 - ACKNOWLEDGEMENTS

show abstract

Opcode graph similarity and metamorphic detection

2012

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mark Stamp

Hunting for metamorphic engines

A Revealing Introduction to Hidden Markov Models

A comparison of static, dynamic, and hybrid analysis for malware detection

Hunting for undetectable metamorphic viruses

Opcode graph similarity and metamorphic detection

Contact Info

Product

Resources

About