Detecting Self-mutating Malware Using Control-Flow Graph Matching
Authors
Abstract
Next-generation malware will be characterized by the intense use of polymorphic and metamorphic techniques aimed at circumventing current malware detectors, which are based on pattern matching. In order to deal with this new kind of threat, novel techniques have to be devised for the realization of malware detectors. Recent papers have started to address this issue, and this paper represents a further contribution to the field. More precisely, in this paper we propose a strategy for the detection of metamorphic malicious code inside a program P based on the comparison of the control flow graphs of P against the set of control flow graphs of known malware. We also provide experimental data supporting the validity of our strategy.
Similar resources
Using Code Normalization for Fighting Self-Mutating Malware
Self-mutating malware has been introduced by computer virus writers who, in the '90s, started to write polymorphic and metamorphic viruses in order to defeat anti-virus products. In this paper we present a novel approach for dealing with self-mutating code which could represent the basis for a new detection strategy for this type of malware. A tool prototype has been implemented in order to validat...
Annotated Control Flow Graph for Metamorphic Malware Detection
Metamorphism is a technique that mutates the binary code using different obfuscations and never keeps the same sequence of opcodes in memory. This stealth technique gives a malware the capability to evade detection by simple signature-based (such as instruction sequences, byte sequences and string signatures) anti-malware programs. In this paper, we present a new scheme named Annot...
Malware Analysis using Multiple API Sequence Mining Control Flow Graph
Malware is becoming persistent by creating full-fledged variants of the same or different families. Malware belonging to the same family shares the same characteristics in its functionality of spreading infections into the victim computer. These similar characteristics among malware families can be taken as a measure for creating a solution that can help in the detection of the malware belonging to part...
Paranoid Android: Android Malware Classification Using Supervised Learning on Call Graphs
Malware design and detection is an eternal arms race of increasing sophistication. A new front has been recently expanded in the discipline of malware obfuscation and self-modification, seeking to fool the signature-based approaches dominant in commercial anti-virus software. In response, security researchers have been seeking to design methods to classify executables based on their semantic fu...
Enhancing the detection of metamorphic malware using call graphs
Malware stands for malicious software. It is software that is designed with a harmful intent. A malware detector is a system that attempts to identify malware using the Application Programming Interface (API) call graph technique and/or other techniques. API call graph techniques follow two main steps, namely, transformation of malware samples into an API call graph using API call graph constructio...