DocumentCode :
2976303
Title :
Non-normalizable functions: A new method to generate metamorphic malware
Author :
Owens, Rodney ; Wang, Weichao
Author_Institution :
SIS Dept., UNC Charlotte, Charlotte, NC, USA
fYear :
2011
fDate :
7-10 Nov. 2011
Firstpage :
1279
Lastpage :
1284
Abstract :
To successfully identify the metamorphic viruses oriented from the same base, anti-virus software has adopted the code normalization technique to transform the variations to a more uniform signature representation. Current code normalization technique focuses on the simplification of the arithmetical or logical operators. In this paper, we introduce a new technique of generating metamorphic viruses by embedding complicated manipulation functions that cannot be normalized into the malicious executables. Using encryption/decryption functions as an example, we present this evasion strategy that malware writers could employ in the future. We demonstrate the strategy's effectiveness in evading detection by current anti-virus technologies. We also discuss the potential mitigation mechanisms.
Keywords :
invasive software; antivirus software; arithmetical operators; code normalization technique; decryption functions; encryption functions; generate metamorphic malware method; logical operators; metamorphic viruses; nonnormalizable functions; signature representation; Databases; Encryption; Malware; Registers; Semantics; Software; Viruses (medical);
fLanguage :
English
Publisher :
ieee
Conference_Titel :
MILITARY COMMUNICATIONS CONFERENCE, 2011 - MILCOM 2011
Conference_Location :
Baltimore, MD
ISSN :
2155-7578
Print_ISBN :
978-1-4673-0079-7
Type :
conf
DOI :
10.1109/MILCOM.2011.6127478
Filename :
6127478