Master of Science (MS)
Soon Tee Teoh
HMM edit distance sequence alignment Metamorphic Virus Detection
A metamorphic computer virus generates copies of itself using code morphing techniques. A new virus has the same functionality as the parent but it has a different internal structure. The goal of the metamorphic virus writer is to produce viral copies that have no common signature. If the viral copies are sufficiently different, they can evade signature detection, which is the most widely-used anti-virus technique.
In previous research, hidden Markov models (HMMs) have been used to detect some metamorphic viruses. However, recent research has shown that it is possible for carefully designed metamorphic viruses to evade HMM-based detection.
In this project, we analyze similarity-based techniques for detecting metamorphic viruses. We first consider a similarity index technique that was previously studied. We then consider new similarity techniques based on edit distance and pairwise sequence alignment. We test these similarity measures on the challenging problem of metamorphic virus detection. We compare our detection results with those obtained using an HMM-based detection method.
Patel, Mahim, "Similarity Tests for Metamorphic Virus Detection" (2011). Master's Projects. 175.