Title
A Compression-Based Technique To Classify Metamorphic Malware
Abstract
Metamorphic malware are able to change their appearance to evade detection by traditional anti-malware software. One way to help mitigate the threat of new metamorphic malware is to determine their origins, i.e., the families to which they belong. This type of metamorphic malware analysis is not typically handled by commercial software. Moreover, existing work relies on analyzing the opcode sequences extracted from the assembly files of the malware. Very few papers have attempted analysis on the binary files of the malware, and those that have focused on the simpler binary problem of distinguishing a particular malware family from benign files. In this work, we address the more difficult problem of determining the origin of a new metamorphic malware sample by measuring its similarity to hundreds of variants taken from 13 families of real malware. To address this problem, we use a compression-based classification approach and experiment with two such approaches: AMDL and BCN. The results showed that AMDL performed no better than a random guess (11% accuracy for AMDL versus 18% for the random baseline). BCN, on the other hand, performed well, reaching 67% accuracy.
Year: 2016
Venue: 2016 IEEE/ACS 13TH INTERNATIONAL CONFERENCE OF COMPUTER SYSTEMS AND APPLICATIONS (AICCSA)
Field: Computer science, Support vector machine, Feature extraction, Commercial software, Software, Artificial intelligence, Data compression, Malware, Cluster analysis, Hidden Markov model, Machine learning
DocType: Conference
ISSN: 2161-5322
Citations: 0
PageRank: 0.34
References: 0
Authors: 5
Name                    Order   Citations   PageRank
Duaa Ekhtoom            1       0           0.34
Mahmoud Al-Ayyoub       2       730         63.41
Mohammed I. Al-Saleh    3       26          5.67
Mohammad A. Alsmirat    4       130         16.98
Ismail Hmeidi           5       95          11.46