Paper Info
Title
MARD: A Framework for Metamorphic Malware Analysis and Real-Time Detection
Abstract
Because of the financial and other gains attached with the growing malware industry, there is a need to automate the process of malware analysis and provide real-time malware detection. To hide a malware, obfuscation techniques are used. One such technique is metamorphism encoding that mutates the dynamic binary code and changes the opcode with every run to avoid detection. This makes malware difficult to detect in real-time and generally requires a behavioral signature for detection. In this paper we present a new framework called MARD for Metamorphic Malware Analysis and Real-Time Detection, to protect the end points that are often the last defense, against metamorphic malware. MARD provides: (1) automation (2) platform independence (3) optimizations for real-time performance and (4) modularity. We also present a comparison of MARD with other such recent efforts. Experimental evaluation of MARD achieves a detection rate of 99.6% and a false positive rate of 4%.
Year
DOI
Venue
2014
10.1109/AINA.2014.59
Advanced Information Networking and Applications
Keywords
Field
DocType
binary codes,digital signatures,encoding,invasive software,real-time systems,MARD,behavioral signature,dynamic binary code,malware analysis process automation,malware industry,metamorphic malware analysis and real-time detection,metamorphism encoding,obfuscation techniques,opcode,Automation,Control Flow Analysis,End Point Security,Malware Analysis and Detection,Metamorphism
Data mining,False positive rate,Opcode,Computer science,Control flow analysis,Malware,Obfuscation,Pattern matching,Operating system,Modularity,Malware analysis,Distributed computing
Conference
ISSN
Citations 
PageRank 
1550-445X
10
0.55
References 
Authors
31
3
Name
Order
Citations
PageRank
Shahid Alam1566.23
R. Nigel Horspool2643115.14
Issa Traore330632.31