Hunting for metamorphic engines

Wong, Wing Hung; Stamp, Mark

doi:10.1007/s11416-006-0028-7

Cited by 224 publications

(269 citation statements)

References 10 publications

Supporting

Mentioning

263

Contrasting

Unclassified

Order By: Relevance

“…JavaScript: To mutate JavaScript files, the blinding service uses techniques that are adapted from metamorphic viruses [72]. Metamorphic viruses attempt to elude malware scanners by ensuring that each instantiation of the virus has syntactically different code that preserves the behavior of the base implementation.…”

Section: F Mutation Techniquesmentioning

confidence: 99%

Veil: Private Browsing Semantics Without Browser-side Assistance

Wang

Mickens

Zeldovich

2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

Section: F Mutation Techniquesmentioning

confidence: 99%

Veil: Private Browsing Semantics Without Browser-side Assistance

Wang

Mickens

Zeldovich

2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Unlike in [30], for example, we examine the raw bytes of a file without the need for code disassembly. We deviate from [3] by considering compression ratios as an alternative measurement of entropy.…”

Section: Figure 4: Ppm-based Classificationmentioning

confidence: 99%

“…G2 viruses are one of several well-known metamorphic families. The benign files we use to compare against the G2 viruses are 16 specific Cygwin utility files [11] chosen for their representation as non-virus files in previous papers such as [3,21,30]. The exact files included in the benign data set are shown in Table 3.…”

Section: Test Data 411 Second Generation Virus Generatormentioning

confidence: 99%

“…Malicious software, or malware, continue to be a threat in spite of advances in computer security [30,35]. The detection of metamorphic malware, in particular, remains a challenging area of research due to various complexities involved [6,33].…”

Section: Introductionmentioning

confidence: 99%

“…For example, previous work has shown that despite extensive changes in internal structure, some metamorphic malware can be effectively detected using statistical based methods of similarity measurement [30]. It has also been shown that metamorphic malware can be clustered by using compression ratios as a measure of Kolmogorov complexity [29].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Compression-based analysis of metamorphic malware

Lee

Austin

Stamp

2015

IJSN

Self Cite

View full text Add to dashboard Cite

Compression-based Analysis of Metamorphic Malware by Jared LeeRecent work has presented a technique based on structural entropy measurement as an effective way to detect metamorphic malware. The technique uses two steps, file segmentation and sequence comparison, to calculate file similarity. In another previous work, it was observed that similar malware have similar measures of Kolmogorov complexity. A proposed method of estimating Kolmogorov complexity was to calculate the compression ratio of a given malware which could then be used to cluster the malicious software. Malware detection has also been attempted through the use of adaptive data compression and showed promising results. In this paper, we attempt to combine these concepts and propose using compression ratios as an alternative measure of entropy with the purpose of segmenting files according to their structural characteristics. We then compare the segment-based sequences of two given files to determine file similarity. The idea is that even after malware is transformed using a metamorphic engine, the resulting variants still share identifiable structural similarities with the original. Using this proposed technique to identify metamorphic malware, we compare our results with previous work. ACKNOWLEDGMENTS

show abstract

Annotated Bibliography

2011

Information Security

View full text Add to dashboard Cite

show abstract

Hunting for metamorphic engines

Cited by 224 publications

References 10 publications

Veil: Private Browsing Semantics Without Browser-side Assistance

Veil: Private Browsing Semantics Without Browser-side Assistance

Compression-based analysis of metamorphic malware

Annotated Bibliography

Contact Info

Product

Resources

About