Hunting for Pirated Software Using Metamorphic Analysis

Abstract: Hunting for Pirated Software Using Metamorphic Analysis by Hardikkumar RanaIn this paper, we consider the problem of detecting software that has been pirated and modified. We analyze a variety of detection techniques that have been previously studied in the context of malware detection. For each technique, we empirically determine the detection rate as a function of the degree of modification of the original code. We show that the code must be greatly modified before we fail to reliably distinguish it, and we … Show more

“…As malware has become increasingly difficult to detect with traditional techniques, new approaches are needed, and machine learning based tools seem a promising avenue. Hidden Markov models are one such technique that has been used effectively for malware detection in previous work [1,4,19,21,26,31,43]. In contrast, Profile Hidden Markov Models seem to have rarely been studied in this context, with previous results being mixed, at best [3].…”

“…Next, we briefly discuss examples of analysis techniques that use static and dynamic birthmarks for malware detection As previously mentioned, static analysis involves analyzing the program without executing it. In [26], static analysis is performed by extracting opcode sequences with the help of a disassembler. The key advantage of static analysis is that it is relatively faster and efficient.…”

“…In this section, we discuss Hidden Markov Models (HMMs) in some detail. HMMs have proven useful in a wide array of fields, including speech recognition [25], malware detection [43], and software piracy analysis [26]. In this paper, we apply HMMs to the problem of malware detection based on software birthmarks.…”

“…If the birthmarks of the two files are sufficiently similar, then we assume that one software is closely related to the other. This strategy has been the basis of a variety of techniques for identifying metamorphic malware with statistical approaches [17,21,23,26,33,34,41,44].…”

Malware Detection Using Dynamic Birthmarks

“…As malware has become increasingly difficult to detect with traditional techniques, new approaches are needed, and machine learning based tools seem a promising avenue. Hidden Markov models are one such technique that has been used effectively for malware detection in previous work [1,4,19,21,26,31,43]. In contrast, Profile Hidden Markov Models seem to have rarely been studied in this context, with previous results being mixed, at best [3].…”

“…Next, we briefly discuss examples of analysis techniques that use static and dynamic birthmarks for malware detection As previously mentioned, static analysis involves analyzing the program without executing it. In [26], static analysis is performed by extracting opcode sequences with the help of a disassembler. The key advantage of static analysis is that it is relatively faster and efficient.…”

“…In this section, we discuss Hidden Markov Models (HMMs) in some detail. HMMs have proven useful in a wide array of fields, including speech recognition [25], malware detection [43], and software piracy analysis [26]. In this paper, we apply HMMs to the problem of malware detection based on software birthmarks.…”

“…If the birthmarks of the two files are sufficiently similar, then we assume that one software is closely related to the other. This strategy has been the basis of a variety of techniques for identifying metamorphic malware with statistical approaches [17,21,23,26,33,34,41,44].…”

Malware Detection Using Dynamic Birthmarks

“…If the two birthmarks are the same, the similarity in the birthmarks implies that one software is a copy of another. Based on this, there has been a lot of research in the field of software birthmarks [12,14,18,21,31,32,35,36].…”

Malware Detection Using Dynamic Analysis

A Survey of Machine Learning Algorithms and Their Application in Information Security