Publication Date

Fall 2012

Degree Type

Master's Project


Computer Science


To evade signature-based detection, metamorphic viruses transform their code before infecting a new system. Software similarity measures are potentially useful as a means of detecting metamorphic malware. We can compare a given file to a known sample of malware and compute their similarity—if they are sufficiently similar, we classify the file as malware of the same family. The goal of this project is to analyze an opcode-based software similarity measure inspired by simple substitution cipher cryptanalysis.