• DocumentCode
    3660705
  • Title

    DaCoMM: Detection and Classification of Metamorphic Malware

  • Author

    Vishakha Mehra;Vinesh Jain;Dolly Uppal

  • Author_Institution
    Rajasthan Tech. Univ., Kota, India
  • fYear
    2015
  • fDate
    4/1/2015 12:00:00 AM
  • Firstpage
    668
  • Lastpage
    673
  • Abstract
    With the fast and vast growth of the IT sector in the 21st century, the question of system security also arises. While the IT field is growing, malware attacks are rising alongside it, and zero-day malware attacks pose a great challenge. Authors of metamorphic and polymorphic malware also gain an extra advantage through mutation engines and virus generation toolkits, as they can produce as many malware as they want. Our approach focuses on the detection and classification of metamorphic malware (MM). MM are the hardest for antivirus scanners (AVS) to detect because they differ structurally. We gathered a total of 600 malware files, including those that bypass the AVS, and 150 benign files. These files are disassembled and preprocessed, and control flow graphs and API call graphs are generated. We propose an algorithm, the Gourmand Feature Selection algorithm, for selecting desired features from call graphs. Classification is done with the WEKA tool, in which J-48 gave the highest accuracy, 99.10%. Once the metamorphic malware are detected, they are classified according to their families using histograms and the Chi-square distance formula.
  • Keywords
    "Malware","Engines","Histograms","Classification algorithms","Flow graphs","Software","Generators"
  • Publisher
    ieee
  • Conference_Titel
    Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on
  • Type

    conf

  • DOI
    10.1109/CSNT.2015.62
  • Filename
    7280002