Abstract | ||
---|---|---|
Because of the financial and other gains attached with the growing malware industry, there is a need to automate the process of malware analysis and provide real-time malware detection. To hide a malware, obfuscation techniques are used. One such technique is metamorphism encoding that mutates the dynamic binary code and changes the opcode with every run to avoid detection. This makes malware difficult to detect in real-time and generally requires a behavioral signature for detection. In this paper we present a new framework called MARD for Metamorphic Malware Analysis and Real-Time Detection, to protect the end points that are often the last defense, against metamorphic malware. MARD provides: (1) automation (2) platform independence (3) optimizations for real-time performance and (4) modularity. We also present a comparison of MARD with other such recent efforts. Experimental evaluation of MARD achieves a detection rate of 99.6% and a false positive rate of 4%. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1109/AINA.2014.59 | Advanced Information Networking and Applications |
Keywords | Field | DocType |
binary codes,digital signatures,encoding,invasive software,real-time systems,MARD,behavioral signature,dynamic binary code,malware analysis process automation,malware industry,metamorphic malware analysis and real-time detection,metamorphism encoding,obfuscation techniques,opcode,Automation,Control Flow Analysis,End Point Security,Malware Analysis and Detection,Metamorphism | Data mining,False positive rate,Opcode,Computer science,Control flow analysis,Malware,Obfuscation,Pattern matching,Operating system,Modularity,Malware analysis,Distributed computing | Conference |
ISSN | Citations | PageRank |
1550-445X | 10 | 0.55 |
References | Authors | |
31 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Shahid Alam | 1 | 56 | 6.23 |
R. Nigel Horspool | 2 | 643 | 115.14 |
Issa Traore | 3 | 306 | 32.31 |