Code Obfuscation and Virus Detection

Venkatesan, Ashwini

doi:10.31979/etd.ez5v-x8jc

Cited by 17 publications

(27 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…6, we partitioned the collected dataset in 5KB size range. The partition size is based on the study that size of any two malwares generated by G2 [5], PS-MPC [6] and NGVCK [28] kits does not vary by more than 5 KB size ( fig. 5).…”

Section: Partitioning Methodsmentioning

confidence: 99%

Improving the Detection Accuracy of Unknown Malware by Partitioning the Executables in Groups

Sharma

Sahay

Kumar

2016

Advanced Computing and Communication Technologies

View full text Add to dashboard Cite

Abstract. Detection of unknown malware with high accuracy is always a challenging task. Therefore, in this paper we study the classification of unknown malware by two methods. In the first/regular method, similar to other authors [17][16][20] approaches we select the features by taking all dataset in one group and in second method, we select the features by partitioning the dataset in the range of file 5 KB size. We find that the second method detect the malwares with ~ 8.7% more accurate than the first/regular method.

show abstract

Section: Partitioning Methodsmentioning

confidence: 99%

Improving the Detection Accuracy of Unknown Malware by Partitioning the Executables in Groups

Sharma

Sahay

Kumar

2016

Advanced Computing and Communication Technologies

View full text Add to dashboard Cite

show abstract

“…On the other hand, knowing that "hello world" was printed to the screen a million instructions ago provides little information about the probability of the next instruction. Hidden Markov models (HMMs) are perhaps the most widely used type of Markov models [102] and have been particularly useful in code analysis including recognition of metamorphic viruses [55], [104]- [111]. HMMs assume that latent variables, which take on states, are linked in a Markov chain with conditional dependencies on the previous states.…”

Section: Feature Space Models Vs State Space Modelsmentioning

confidence: 99%

“…the Forward-Backward algorithm), which iterates between forward and backward passes and an update step until the likelihood of the observed sequence O is maximized with respect to the model. The usage of HMMs for metamorphic virus detection has been documented in [55], [104]- [111]. 2 These works assume a predominantly decrypted virus body, i.e., little to no encryption within the body to begin with, or that a previously encrypted metamorphic has been decrypted inside an emulator.…”

Section: Feature Space Models Vs State Space Modelsmentioning

confidence: 99%

A Survey of Stealth Malware Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions

Rudd

Rozsa

Günther

et al. 2017

IEEE Commun. Surv. Tutorials

126

View full text Add to dashboard Cite

Abstract-As our professional, social, and financial existences become increasingly digitized and as our government, healthcare, and military infrastructures rely more on computer technologies, they present larger and more lucrative targets for malware. Stealth malware in particular poses an increased threat because it is specifically designed to evade detection mechanisms, spreading dormant, in the wild for extended periods of time, gathering sensitive information or positioning itself for a high-impact zeroday attack. Policing the growing attack surface requires the development of efficient anti-malware solutions with improved generalization to detect novel types of malware and resolve these occurrences with as little burden on human experts as possible.In this paper, we survey malicious stealth technologies as well as existing solutions for detecting and categorizing these countermeasures autonomously. While machine learning offers promising potential for increasingly autonomous solutions with improved generalization to new malware types, both at the network level and at the host level, our findings suggest that several flawed assumptions inherent to most recognition algorithms prevent a direct mapping between the stealth malware recognition problem and a machine learning solution. The most notable of these flawed assumptions is the closed world assumption: that no sample belonging to a class outside of a static training set will appear at query time. We present a formalized adaptive open world framework for stealth malware recognition and relate it mathematically to research from other machine learning domains.

show abstract

“…Benign programs programs Building the datasets The promising features of the executables are obtained by clubbing the dataset in 5 KB size of 100 groups [1] as in the collected dataset ~97.18% malware are below 500 KB ( Figure 2) and the difference between the sizes of any two malware generated by popular advanced malware kits viz. NGVCK [32], PS-MPC [33] and G2 [34] are within 5 KB. Hence, the features obtained will have a signature of maximum executables to detect the unknown malware.…”

Section: Malwarementioning

confidence: 99%