Title : 
Meta opcode space for morphed malware detection
         
        
            Author : 
Athira Azhikoden; P. Vinod
         
        
            Author_Institution : 
Department of Computer Science & Engineering, SCMS School of Engineering & Technology, Ernakulam, Kerala, India
         
        
        
        
        
            Abstract : 
Metamorphic malware variants have different code structures but exhibit similar functionality. These viruses are capable of morphing their code after each iteration. This structural diversity generates different binary strings for variants of the same base malware. Consequently, signature-based scanners fail to detect metamorphic malware. This paper describes a statistical approach for detecting metamorphic malware that employs feature ranking and dimensionality reduction, since the dimensionality of the features/attributes may scale with obfuscation and the size of malicious programs. A weighted score method is used to rank each bi-gram mnemonic, and a proposed method known as Reduced Attribute using Mutual Information (RAMI) is employed to minimize attributes from a large feature space. An overall accuracy of 100% with an F-measure of 1 indicates that the proposed approach can be used to support commercial anti-virus scanners.
         
        
            Keywords : 
"Malware","Hidden Markov models","Correlation","Predictive models","Mutual information","Technological innovation","Information technology"
         
        
        
            Conference_Title : 
Innovations in Information Technology (IIT), 2015 11th International Conference on
         
        
            Print_ISBN : 
978-1-4673-8509-1
         
        
        
            DOI : 
10.1109/INNOVATIONS.2015.7381555