Metamorphic viruses change their structure on each infection while maintaining their function. Although many detection techniques have been proposed, practical and effective metamorphic detection remains a difficult challenge. In this project, we analyze a novel method for detecting metamorphic viruses. Our approach was inspired by a well-known facial recognition technique that is based on eigenvalue analysis. We compute eigenvectors using opcode sequences extracted from a set of known metamorphic viruses. These eigenvectors can then be used to score a given executable file, based on its extracted opcode sequence. We perform extensive testing to determine the effectiveness of this scoring technique for classifying metamorphic malware. Our results show that this approach yields very good results when applied to highly metamorphic malware.
Deshpande, Sayali, "Eigenvalue Analysis for Metamorphic Detection" (2012). Master's Projects. 279.
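The eigenvector scoring idea described in the abstract can be sketched as follows. This is an added example, not code from the project. It assumes relative opcode frequencies over a toy six-opcode vocabulary as features, uses constructed opcode traces, and defines the score (an assumption) as the distance to the nearest training sample's reconstruction in the eigenspace, so a lower score means closer to the family.

```python
import math

VOCAB = ["mov", "push", "pop", "add", "jmp", "call"]  # assumed toy opcode set

def features(opcodes):  # relative opcode frequencies (assumed feature choice)
    return [opcodes.count(op) / max(len(opcodes), 1) for op in VOCAB]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def top_eigenvectors(rows, k, iters=300):
    """Leading eigenvectors of the scatter matrix, by power iteration with deflation."""
    d, vecs = len(rows[0]), []
    cov = [[sum(r[i] * r[j] for r in rows) for j in range(d)] for i in range(d)]
    for _ in range(k):
        v = [float(i + 1) for i in range(d)]  # fixed start keeps runs deterministic
        for _ in range(iters):
            w = [dot(row, v) for row in cov]
            for u in vecs:  # remove components along eigenvectors already found
                c = dot(w, u)
                w = [x - c * y for x, y in zip(w, u)]
            norm = math.sqrt(dot(w, w))
            if norm < 1e-12:
                return vecs  # no variance left: fewer than k eigenvectors exist
            v = [x / norm for x in w]
        vecs.append(v)
    return vecs

def train(family, k=2):
    X = [features(s.split()) for s in family]
    mean = [sum(col) / len(X) for col in zip(*X)]
    centered = [[x - m for x, m in zip(row, mean)] for row in X]
    eig = top_eigenvectors(centered, k)
    return mean, eig, [[dot(row, u) for u in eig] for row in centered]

def score(model, opcodes):
    """Distance to the nearest training sample's eigenspace reconstruction."""
    mean, eig, weights = model
    c = [x - m for x, m in zip(features(opcodes.split()), mean)]
    w = [dot(c, u) for u in eig]  # projection weights of the file under test
    residual2 = max(dot(c, c) - dot(w, w), 0.0)  # energy outside the eigenspace
    return min(math.sqrt(math.dist(w, t) ** 2 + residual2) for t in weights)

# Constructed opcode traces, not real samples.
FAMILY = ["push pop push pop jmp mov push pop jmp add", "push pop jmp push pop jmp mov push pop jmp",
          "mov push pop jmp push pop add jmp push jmp", "push pop jmp mov mov push pop jmp add push"]
VARIANT = "push pop jmp push pop jmp add push pop mov jmp push"
BENIGN = "mov mov call add mov call mov add call mov"
MODEL = train(FAMILY)
```

Calling `score(MODEL, VARIANT)` and `score(MODEL, BENIGN)` shows the separation: the unseen variant scores low, while the trace dominated by `mov`/`call` scores high because most of its energy lies outside the family's eigenspace.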