Detecting Undetectable Computer Viruses
Authors
Abstract
Signature-based detection relies on patterns present in viruses and provides a relatively simple and efficient method for detecting known viruses. At present, most anti-virus systems rely primarily on signature detection. Metamorphic viruses are one of the most difficult types of viruses to detect. Such viruses change their internal structure, which provides an effective means of evading signature detection. Previous work has provided a rigorous proof that a fairly simple metamorphic engine can generate viruses that will evade any signature-based detection. In this project, we first implement a metamorphic engine that is provably undetectable—in the sense of signature-based detection. We then show that, as expected, the resulting viruses are not detected by popular commercial anti-virus scanners. Finally, we analyze the same set of viruses using a previously developed approach based on hidden Markov models (HMM). This HMM-based technique easily detects the viruses.
Similar resources
Detecting Undetectable Metamorphic Viruses
Signature-based detection provides a relatively simple and efficient method for detecting known viruses. At present, most antivirus systems rely primarily on signature
Precessing microblazars and unidentified gamma-ray sources
The recent discovery by Paredes et al. (2000) of a persistent microquasar that is positionally coincident with an unidentified gamma-ray source has opened the possibility that other sources in the Third EGRET Catalog could be interpreted as microquasars as well. In this letter we show that some variable unidentified EGRET sources in the galactic plane could be produced by faint, otherwise undetec...
A Study of Detecting Computer Viruses in Real-Infected Files in the n-Gram Representation with Machine Learning Methods
Machine learning methods were successfully applied in recent years for detecting new and unseen computer viruses. The viruses were, however, detected in small virus loader files and not in real infected executable files. We created data sets of benign files, virus loader files and real infected executable files and represented the data as collections of n-grams. Histograms of the relative frequ...
A Novel Hybrid Approach for Email Spam Detection based on Scatter Search Algorithm and K-Nearest Neighbors
Because cyberspace and Internet predominate in the life of users, in addition to business opportunities and time reductions, threats like information theft, penetration into systems, etc. are included in the field of hardware and software. Security is the top priority to prevent a cyber-attack that users should initially be detecting the type of attacks because virtual environments are not moni...
A Computer Virus Detecting Model based on Artificial Immune and Key Code
Existing antivirus technology depends on extracting signatures. They are inefficient at detecting diverse forms of computer viruses, especially new variants and unknown viruses. Inspired by the biological immune system, a virus detection model based on artificial immune and key-signatures extraction is proposed. This model adopts the TF-IDF algorithm to extract virus ODNS from virus DNA parts on code le...