DocumentCode :
1842962
Title :
Opcodes histogram for classifying metamorphic portable executables malware
Author :
Rad, Babak Bashari ; Masrom, Maslin ; Ibrahim, Suhaimi
Author_Institution :
Fac. of Comput. Sci. & Inf., Univ. Technol. of Malaysia, Kuala Lumpur, Malaysia
fYear :
2012
fDate :
24-26 Sept. 2012
Firstpage :
209
Lastpage :
213
Abstract :
Malware writers attempt to generate different shapes of a malware to evade signature-based scanners. As the number of variants of a metamorphic malware increases, analyzing all variants, selecting the appropriate signature, and updating the antivirus database becomes more tiresome and time-consuming. Furthermore, for automatically generated metamorphic viruses, which utilize virus kits to produce different instances, it is sometimes not possible to analyze all of them. Therefore, the use of some classification methods to speed up the analysis process is necessary. In this paper, we show how the histogram of instruction opcodes can help us in the classification of metamorphic virus family variants.
Keywords :
invasive software; Opcodes histogram; antivirus; malware; metamorphic portable executables malware; metamorphic viruses; signature based scanners; virus kits; Accuracy; Databases; Educational institutions; Histograms; Informatics; Malware; Viruses (medical); metamorphic virus; opcode frequency histogram; virus classification; virus detection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
e-Learning and e-Technologies in Education (ICEEE), 2012 International Conference on
Conference_Location :
Lodz
Print_ISBN :
978-1-4673-1679-8
Type :
conf
DOI :
10.1109/ICeLeTE.2012.6333411
Filename :
6333411