The Technique for Metamorphic Viruses' Detection based on its Obfuscation Features Analysis
Abstract
The paper presents an approach to detecting metamorphic viruses based on analysis of their obfuscation features. The obfuscation features were obtained by searching for equivalent functional blocks in the suspicious program and its modified version. The results of the research demonstrated that the efficiency of metamorphic virus detection based on the proposed quantitative obfuscation features depends on the choice of similarity metric at two stages: the search for the equivalent functional blocks and the refinement of their choice. An adequate choice of similarity metrics at both stages increased the detection efficiency for metamorphic viruses.
Recommended Citation
G. Markowsky et al., "The Technique for Metamorphic Viruses' Detection based on its Obfuscation Features Analysis," Proceedings of the 14th International Conference on ICT in Education, Research and Industrial Applications. Integration, Harmonization and Knowledge Transfer. Volume II: Workshops (2018, Kyiv, Ukraine), vol. 2104, pp. 680 - 687, CEUR-WS, May 2018.
Meeting Name
14th International Conference on ICT in Education, Research and Industrial Applications. Integration, Harmonization and Knowledge Transfer. Volume II: Workshops, ICTERI 2018 (2018: May 14-17, Kyiv, Ukraine)
Department(s)
Computer Science
Keywords and Phrases
Efficiency; Industrial research; Knowledge management; Viruses; Detection efficiency; Distance metrics; Functional block; Obfuscation; Opcode; Quantitative features; Similarity metrics; Feature extraction; Equivalent functional block; Metamorphic virus
International Standard Serial Number (ISSN)
1613-0073
Document Type
Article - Conference proceedings
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2018 The Authors, All rights reserved.
Publication Date
01 May 2018