CHI-SQUARED DISTANCE AND METAMORPHIC VIRUS DETECTION A Thesis

CHI-SQUARED DISTANCE AND METAMORPHIC VIRUS DETECTION by Annie H. Toderici Malware are programs that are designed with a malicious intent. Metamorphic malware change their internal structure each generation while still maintaining their original behavior. As metamorphic malware become more sophisticated, it is important to develop efficient and accurate detection techniques. Current commercial antivirus software generally try to scan for malware signatures within files and match them against a known set of signatures; therefore, they are not able to detect metamorphic malware that change their body from generation to generation, with each copy comprised of its own unique signature. Machine learning methods such as hidden Markov models (HMM) have shown promising results in detecting metamorphic malware. However, it is possible to exploit a weakness in HMMs and avoid detection by morphing and merging the malware with contents from normal files. As an alternative approach, we consider combining HMMs with the statistical framework of the chi-squared test to build a new detection method. This paper will present the experimental results of our proposed hybrid detector in metamorphic malware detection.