Metamorphic Viruses' Detection Technique Based on the Equivalent Functional Block Search
Authors
Abstract
The article presents a new technique for detecting metamorphic viruses based on a search for equivalent functional blocks. The method takes into account the obfuscation techniques of block reordering. It searches for correspondences between the functional blocks of the metamorphic versions and consists of two stages. In the first stage, equivalent functional blocks are sought based on a statistical evaluation of the instructions that appear in each block. The second stage refines the choice of equivalent blocks and selects the most appropriate block, which is then used to form the feature vector of similarity for the versions of the metamorphic virus. The method classifies the feature vectors using fuzzy logic. The proposed method reduces the number of false positives in comparison with the previous study.
Similar resources
Metamorphic Viruses Detection Technique Based on the the Modified Emulators
The article presents a new technique for metamorphic virus detection using modified emulators placed in the hosts of the network. The proposed technique classifies metamorphic viruses into classes using fuzzy logic. The technique makes it possible to detect metamorphic viruses that use obfuscation techniques. The results of experimental studies showed the eff...
Detecting Undetectable Computer Viruses
Signature-based detection relies on patterns present in viruses and provides a relatively simple and efficient method for detecting known viruses. At present, most anti-virus systems rely primarily on signature detection. Metamorphic viruses are one of the most difficult types of viruses to detect. Such viruses change their internal structure, which provides an effective means of evading signat...
Analysis and Detection of Metamorphic Computer Viruses
comparison between our approach and commercial virus scanners. I would also like to thank my friends and schoolmates for their technical and emotional support. I want to thank Yue Wang for performing the virus scanning, and Peter Hey for repairing my hard disk after it crashed at the most critical moment. Finally I want to thank my family for their understanding and support throughout my five y...
Metamorphic Virus Variants Classification Using Opcode Frequency Histogram
In order to prevent detection and evade signature-based scanning methods, which are normally exploited by antivirus software, metamorphic viruses use various obfuscation approaches. They transform their code so that new instances look entirely or partly different and contain dissimilar sequences of strings, but their behavior and function remain unchanged. This obfuscation process allows ...
A Novel Hybrid Approach for Email Spam Detection based on Scatter Search Algorithm and K-Nearest Neighbors
Because cyberspace and Internet predominate in the life of users, in addition to business opportunities and time reductions, threats like information theft, penetration into systems, etc. are included in the field of hardware and software. Security is the top priority to prevent a cyber-attack that users should initially be detecting the type of attacks because virtual environments are not moni...