Title :
Metamorphic viruses detection by hidden Markov models
Author :
Rezaei, Fatemeh ; Hamedi-Hamzehkolaie, M. ; Rezaei, Saeid ; Payandeh, Ali
Author_Institution :
Tehran Univ., Tehran, Iran
Abstract :
Since finding and extracting a fixed signature for metamorphic viruses is hard due to the fact that, their shape changes frequently. Virus writers by using obfuscation methods make their viruses undetectable, in order to disable anti viruses to detect them easily, which ends in metamorphic viruses. We used hidden Markov model to propose the Detection Sphere method. We used three elements of a string occurrence probability, specifically-located character occurrence probability, and the amount of virus similarity to a family of viruses. The 94% detection rate result is magnificent in contrary to other anti-viruses which are less than 30%. More research and investment in multi-factor methods in hidden Markov model are recommended to detect viruses and malwares.
Keywords :
computer network security; computer viruses; hidden Markov models; detection sphere method; hidden Markov model; malware detection; metamorphic virus detection; multifactor method; obfuscation method; specifically-located character occurrence probability; string occurrence probability; virus similarity; Assembly; Data collection; Educational institutions; Hidden Markov models; Markov processes; Probability; Viruses (medical); hidden Markov model; malware; metamorphic virus;
Conference_Titel :
Telecommunications (IST), 2014 7th International Symposium on
Conference_Location :
Tehran
Print_ISBN :
978-1-4799-5358-5
DOI :
10.1109/ISTEL.2014.7000817
