Towards Metamorphic Virus Recognition Using Eigenviruses

No part of this dissertation has been submitted elsewhere for any other degree or qualification and it is all my own work unless referenced to the contrary in the text. The contents of this dissertation reflect my own personal views, and are not necessarily endorsed by the University. Declaration We certify that we have read the present work and that in our opinion it is fully adequate in scope and quality as a dissertation towards the partial fulfillment of the Master degree requirements in Computer Engineering from College of Engineering and Technology, Arab Academy for Science and Technology and Maritime Transport. Dedication For the children who lost their homes and parents in Gaza war And still hungry under blockade, Never give up, Never let down Acknowledgments First of all, thanks go to my God, then, I would like to thank my parents. My mother, who has always been there for me and taught me to be a hard worker, willing to learn and never lose hope. My father who instilled in me the love of reading from the moment he began bringing me books when I was five years old. I would like to thank Dr. Tahir El-Sunni for introducing me to the world of multivariate statistics by assigning me the presentation of Principal Component Analysis. I would also like to give special thanks to Dr. Sherin Youssef who has a smart insight of her students that made her push me to choose the topic of Eigenfaces in Artificial Intelligence course. Without comprehension of Principal Component Analysis and Eigenfaces, I could not come up with this thesis. I also take advantage of this to thank all my instructors in my educational life. Big thanks to Peter Szor, the chief antivirus researcher at Symantec Corporation and Peter Ferrie, senior antivirus researcher at Microsoft Corporation for their cooperation and responds to my questions regarding techniques used by commercial antivirus software and effectiveness of published experimental detection methods. Special thanks go to Thomas Sperl (aka SPTH), the author of W32/Flibi worm. His help and excitement made me rediscover the strong potentials of my thesis. I owe a huge thanks to my brother Ahmed Saleh, who has been always helping me out in all my life. He was always the best brother and friend for me. Last but not least, I would like to thank my wife who has been always patient and supportive …