Each instance of metamorphic software changes its internal structure, but the function remains essentially the same. Such metamorphism has been used primarily by malware writers as a means of evading signature-based detection. However, metamorphism also has potential beneficial uses in fields related to software protection. In this research, we develop a practical framework within the LLVM compiler that automatically generates metamorphic code, where the user has well-defined control over the degree of morphing applied to the code. We analyze the effectiveness of this metamorphic generator based on Hidden Markov Model (HMM) analysis, and discover that HMMs are effective at detection up to ~285% code added.
Crawford, Michael, "Metamporphic Code Generation Using LLVM" (2017). Master's Projects. 557.