Metamorphic authorship recognition using Markov models

2008-05-01

Mohamed R. Chouchane

University of Louisiana at Lafayette, USA

Andrew Walenstein

University of Louisiana at Lafayette, USA

Arun Lakhotia

University of Louisiana at Lafayette, USA

Editor: Helen Martin

Abstract

Automated code morphing techniques can make malware recognition difficult. In this article researchers at the University of Lafayette propose a method that can be used to decide whether a binary is a variant of a known item of metamorphic malware by treating the morphing engine as an author.

Copyright © 2008 Virus Bulletin

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

PDF

Please register to download the PDF

Comment

Online banking call to arms

News

Malware prevalence report

March 2008

Features

Algorithms for grouping similar samples in malware analysis
Metamorphic authorship recognition using Markov models

Opinion

Blended malware defence

Product review

eEye Digital Security Blink Professional 4.0

Calendar

Anti-malware industry events

Spam Bulletin

See also

Quick Links

Poll

When do you install software updates?
Leave a comment
View 12 comments

Jobs Career Sidebar

virusbtn: RT @emailsecmatters: The typical spam message has sources as diverse as the spam lunch meat: http://ht.ly/2yucd
2 hours ago

virusbtn: Can anyone write a rap about our RAP tests (http://bit.ly/255ySQ) and submit it to the Symantec competition http://bit.ly/bOJg8r
6 hours ago

VB2010

VB2010

VB2010 will take place 29 September - 1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada.

Virus Bulletin currently has 208,224 registered users.