Publication Date

Fall 2015

Degree Type

Master's Project

Department

Computer Science

Abstract

Malware is a software program outlined to damage or perform other unwanted actions to a computer system. Metamorphic malware is a category of malignant software programs that has the ability to change its code as it propagates. A hidden Markov model (HMM) is a statistical model where the system is assumed to be a Markov process with unseen states. An HMM is based on the use of statistics to detect patterns, and hence in metamorphic virus detection. Previous work has been done in order to create morphing engines using LLVM-bytecode format. This project includes the creation of a morphing engine for Java bytecode, using different code obfuscation techniques. The next aspect is to focus on detection techniques, specific HMM for validation of the created engine. The results presented show that HMM fail to detect the presence of morphing, provided specific set of rules have been followed while creation of metamorphic engine.

Share

COinS