Publication Date

Fall 2017

Degree Type

Master's Project

Department

Computer Science

Abstract

Each instance of metamorphic software changes its internal structure, but its function remains essentially the same. Such metamorphism has been used primarily by malware writers as a means of evading signature-based detection. However, metamorphism also has potential beneficial uses in fields related to software protection. In this research, we develop a practical framework within the LLVM compiler that automatically generates metamorphic code, where the user has well-defined control over the degree of morphing applied to the code. We analyze the effectiveness of this metamorphic generator using Hidden Markov Model (HMM) analysis and find that HMMs remain effective at detection with up to ~285% code added.
