Heuristic metamorphic malware detection based on statistics of assembly instructions using classification algorithms

Peyman Khodamoradi, Farhad Mardukhi, Masoud Nosrati

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

30 Citations (Scopus)

Abstract

The competition between malware creators and those who work on malware detection has led to the emergence and development of a wide variety of techniques for both creation and detection. In recent years, metamorphic malware has become a serious challenge for antivirus programmers. Signature-based and heuristic-based techniques cannot offer complete solutions for detecting metamorphic malware, because such malware can rebuild itself from generation to generation without losing its functionality, which makes it difficult to detect. In this research, we introduce a new technique for detecting unknown malware based on counting assembly instructions. Statistics obtained from analysis of different variables of a specific malware can be utilized as a signature. Accuracy, efficiency and fast performance must also be considered important issues. So far, almost all of the suggested methods lack some of these features. In the proposed method, however, speed is not a challenging issue, since extracting statistics from assembly code is a very fast process. Experiments on several malware samples and harmless programs indicated the superiority of this method over previous studies.

Original language: English
Title of host publication: 18th CSI International Symposium on Computer Architecture and Digital Systems, CADS 2015
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 1-6
Number of pages: 6
ISBN (Electronic): 9781467380232
Publication status: Published - 8 Jan 2016
Externally published: Yes
Event: 18th CSI International Symposium on Computer Architecture and Digital Systems, CADS 2015 - Tehran, Iran, Islamic Republic of
Duration: 7 Oct 2015 to 8 Oct 2015

Publication series

Name: 18th CSI International Symposium on Computer Architecture and Digital Systems, CADS 2015
Volume: 2015-January

Conference

Conference: 18th CSI International Symposium on Computer Architecture and Digital Systems, CADS 2015
Country/Territory: Iran, Islamic Republic of
City: Tehran
Period: 7/10/15 to 8/10/15

Keywords

  • Classification
  • Feature extraction
  • Metamorphic engine
  • Metamorphic malware
  • Obfuscation
