DocumentCode
2210042
Title
Detecting virus mutations via dynamic matching
Author
Feng, Min ; Gupta, Rajiv
Author_Institution
CSE Dept., Univ. of California, Riverside, CA, USA
fYear
2009
fDate
20-26 Sept. 2009
Firstpage
105
Lastpage
114
Abstract
To defeat current commercial antivirus software, the virus developers are employing obfuscation techniques to create mutating viruses. The current antivirus software cannot handle the obfuscated viruses well since its detection methods that are based upon static signatures are not resilient to even slight variations in the code that forms the virus. In this paper, we propose a new type of virus signature, called dynamic signature, and an algorithm for matching dynamic signatures. Our dynamic signature is created based on the runtime behavior of a virus. Therefore, an obfuscated virus can also be detected using a dynamic signature as long as it dynamically behaves like the original virus. We also discuss issues related to deploying our virus detection approach. Our experiments based upon several known mutating viruses show that our method is effective in identifying obfuscated viruses.
Keywords
computer viruses; commercial antivirus software; dynamic matching; dynamic signature; obfuscation techniques; virus developers; virus mutation detection; virus signature; Change detection algorithms; Computer viruses; Genetic mutations; Heuristic algorithms; Humans; Permission; Protection; Runtime library; Security; Viruses (medical);
fLanguage
English
Publisher
IEEE
Conference_Titel
Software Maintenance, 2009. ICSM 2009. IEEE International Conference on
Conference_Location
Edmonton, AB
ISSN
1063-6773
Print_ISBN
978-1-4244-4897-5
Electronic_ISBN
1063-6773
Type
conf
DOI
10.1109/ICSM.2009.5306329
Filename
5306329