Simple substitution distance and metamorphic detection |
| |
Authors: | Gayathri Shanmugam Richard M. Low Mark Stamp |
| |
Affiliation: | 1. Department of Computer Science, San Jose State University, San Jose, USA 2. Department of Mathematics, San Jose State University, San Jose, USA 3. Department of Computer Science, San Jose State University, San Jose, USA |
| |
Abstract: | To evade signature-based detection, metamorphic viruses transform their code before each new infection. Software similarity measures are a potentially useful means of detecting such malware. We can compare a given file to a known sample of metamorphic malware and compute their similarity—if they are sufficiently similar, we classify the file as malware of the same family. In this paper, we analyze an opcode-based software similarity measure inspired by simple substitution cipher cryptanalysis. We show that the technique provides a useful means of classifying metamorphic malware. |
| |
Keywords: | |
This article has been indexed by SpringerLink and other databases! |
|