• DocumentCode
    2976303
  • Title

    Non-normalizable functions: A new method to generate metamorphic malware

  • Author

    Owens, Rodney ; Wang, Weichao

  • Author_Institution
    SIS Dept., UNC Charlotte, Charlotte, NC, USA
  • fYear
    2011
  • fDate
    7-10 Nov. 2011
  • Firstpage
    1279
  • Lastpage
    1284
  • Abstract
    To successfully identify the metamorphic viruses oriented from the same base, anti-virus software has adopted the code normalization technique to transform the variations to a more uniform signature representation. Current code normalization technique focuses on the simplification of the arithmetical or logical operators. In this paper, we introduce a new technique of generating metamorphic viruses by embedding complicated manipulation functions that cannot be normalized into the malicious executables. Using encryption/decryption functions as an example, we present this evasion strategy that malware writers could employ in the future. We demonstrate the strategy's effectiveness in evading detection by current anti-virus technologies. We also discuss the potential mitigation mechanisms.
  • Keywords
    invasive software; antivirus software; arithmetical operators; code normalization technique; decryption functions; encryption functions; generate metamorphic malware method; logical operators; metamorphic viruses; nonnormalizable functions; signature representation; Databases; Encryption; Malware; Registers; Semantics; Software; Viruses (medical);
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    MILITARY COMMUNICATIONS CONFERENCE, 2011 - MILCOM 2011
  • Conference_Location
    Baltimore, MD
  • ISSN
    2155-7578
  • Print_ISBN
    978-1-4673-0079-7
  • Type

    conf

  • DOI
    10.1109/MILCOM.2011.6127478
  • Filename
    6127478