To evade signature-based detection, metamorphic viruses transform their code before infecting a new system. Software similarity measures are potentially useful as a means of detecting metamorphic malware. We can compare a given file to a known sample of malware and compute their similarity—if they are sufficiently similar, we classify the file as malware of the same family. The goal of this project is to analyze an opcode-based software similarity measure inspired by simple substitution cipher cryptanalysis.
Shanmugam, Gayathri, "Simple Substitution Distance and Metamorphic Detection" (2012). Master's Projects. 270.
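A minimal sketch of such a measure, added here as an illustration and not taken from the project. It assumes the score is the L1 distance between opcode digram frequencies under the best substitution key found by hill climbing, as in a classical simple substitution attack; the function names and opcode traces are constructed for the example.

```python
from collections import Counter
from itertools import combinations

def digram_freqs(ops):
    """Relative frequency of each adjacent opcode pair in a sequence."""
    pairs = Counter(zip(ops, ops[1:]))
    total = sum(pairs.values())
    return {p: n / total for p, n in pairs.items()}

def key_distance(cand, model, key):
    """L1 distance between model digrams and candidate digrams mapped through key."""
    mapped = Counter()
    for (a, b), f in cand.items():
        mapped[(key[a], key[b])] += f
    return sum(abs(mapped[p] - model.get(p, 0.0)) for p in set(mapped) | set(model))

def substitution_distance(candidate_ops, family_ops):
    """Smallest digram distance reached by hill climbing over opcode substitutions."""
    model, cand = digram_freqs(family_ops), digram_freqs(candidate_ops)
    alphabet = sorted(set(family_ops) | set(candidate_ops))

    def by_freq(ops):
        counts = Counter(ops)
        return sorted(alphabet, key=lambda s: (-counts[s], s))

    # Initial key: pair opcodes by frequency rank (assumed starting point).
    key = dict(zip(by_freq(candidate_ops), by_freq(family_ops)))
    best = key_distance(cand, model, key)
    while True:
        # Steepest descent: score every swap of two key entries, keep the best.
        trials = []
        for a, b in combinations(alphabet, 2):
            trial = dict(key)
            trial[a], trial[b] = key[b], key[a]
            trials.append((key_distance(cand, model, trial), a, b))
        score, a, b = min(trials, default=(best, None, None))
        if score >= best:
            return best  # local optimum: no swap improves the fit
        key[a], key[b] = key[b], key[a]
        best = score

# Constructed opcode traces (not real malware): VARIANT is FAMILY with opcodes
# consistently renamed, standing in for metamorphic substitution; BENIGN is unrelated.
FAMILY = "push mov add mov add pop call push mov add pop call push mov add mov pop ret".split()
VARIANT = "push lea sub lea sub xchg jmp push lea sub xchg jmp push lea sub lea xchg ret".split()
BENIGN = "mov cmp jne mov cmp je inc mov cmp jne dec jmp mov cmp ret".split()

if __name__ == "__main__":
    for name, ops in (("variant", VARIANT), ("benign", BENIGN)):
        print(name, round(substitution_distance(ops, FAMILY), 3))
```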