Master of Science (MS)
Metamorphic viruses modify their own code to produce viral copies which are syntactically different from their parents. The viral copies have the same functionality as the parent but may have different signatures. This makes signature-based virus scanners unreliable for detecting metamorphic viruses. But statistical pattern analysis tool such as Hidden Markov Models (HMMs) can detect metamorphic viruses. Virus writers use many different code obfuscation techniques to generate metamorphic viruses. In this project we develop a metamorphic engine using code obfuscation techniques. Our metamorphic engine is designed to produce highly diverse morphed copies of the base virus. We show that commercial virus scanners cannot detect metamorphic viruses produced by our engine. We then proceed to determine whether HMMs can detect metamorphic viruses generated by our engine.
Desai, Priti, "Towards an Undetectable Computer Virus" (2008). Master's Projects. 90.