MOMENTUM: MetamOrphic malware exploration techniques using MSA signatures

Modern malware that are metamorphic or polymorphic in nature mutate their code by employing code obfuscation and encryption methods to thwart detection. Thus, conventional signature based scanners fail to detect these malware. In order to address the problems of detecting known variants of metamorph...

Full description

Saved in:
Bibliographic Details
Published in2012 International Conference on Innovations in Information Technology pp. 232 - 237
Main Authors Vinod, P., Laxmi, V., Gaur, M. S., Chauhan, G.
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.03.2012
Subjects
Bioinformatics
DNA
Engines
Malware
metamorphic malware
multiple sequence alignment
Phylogeny
Probabilistic logic
sequence alignment
Training
Online AccessGet full text
ISBN9781467311007
1467311006
DOI10.1109/INNOVATIONS.2012.6207739

Cover

More Information
Summary:Modern malware that are metamorphic or polymorphic in nature mutate their code by employing code obfuscation and encryption methods to thwart detection. Thus, conventional signature based scanners fail to detect these malware. In order to address the problems of detecting known variants of metamorphic malware, we propose a method using bioinformatics techniques effectively used for Protein and DNA matching. Instead of using exact signature matching methods, more sophisticated signature(s) are extracted using multiple sequence alignment (MSA). The results show that the proposed method is capable of identifying malware variants with minimum false alarms and misses. Also, the detection rate achieved with our proposed method is better compared to commercial antivirus products used in the study.
ISBN:9781467311007
1467311006
DOI:10.1109/INNOVATIONS.2012.6207739