Title :
Detecting virus mutations via dynamic matching
Author :
Feng, Min ; Gupta, Rajiv
Author_Institution :
CSE Dept., Univ. of California, Riverside, CA, USA
Abstract :
To defeat current commercial antivirus software, virus developers are employing obfuscation techniques to create mutating viruses. Current antivirus software cannot handle obfuscated viruses well, since its detection methods, which are based upon static signatures, are not resilient to even slight variations in the code that forms the virus. In this paper, we propose a new type of virus signature, called a dynamic signature, and an algorithm for matching dynamic signatures. Our dynamic signature is created based on the runtime behavior of a virus. Therefore, an obfuscated virus can also be detected using a dynamic signature as long as it dynamically behaves like the original virus. We also discuss issues related to deploying our virus detection approach. Our experiments based upon several known mutating viruses show that our method is effective in identifying obfuscated viruses.
Keywords :
computer viruses; commercial antivirus software; dynamic matching; dynamic signature; obfuscation techniques; virus developers; virus mutation detection; virus signature; Change detection algorithms; Computer viruses; Genetic mutations; Heuristic algorithms; Humans; Permission; Protection; Runtime library; Security; Viruses (medical);
Conference_Title :
Software Maintenance, 2009. ICSM 2009. IEEE International Conference on
Conference_Location :
Edmonton, AB
Print_ISBN :
978-1-4244-4897-5
Electronic_ISBN :
1063-6773
DOI :
10.1109/ICSM.2009.5306329