Metamorphic authorship recognition using Markov models

2008-05-01

Mohamed R. Chouchane

University of Louisiana at Lafayette, USA

Andrew Walenstein

University of Louisiana at Lafayette, USA

Arun Lakhotia

University of Louisiana at Lafayette, USA
Editor: Helen Martin

Abstract

Automated code morphing techniques can make malware recognition difficult. In this article researchers at the University of Lafayette propose a method that can be used to decide whether a binary is a variant of a known item of metamorphic malware by treating the morphing engine as an author.

Copyright © 2008 Virus Bulletin

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

Poll

How should software and OS patching/security updates be managed?
Manually, at the user's discretion
Automatically via an optional, user-defined schedule
Automatically via a fixed, but optional schedule
Automatically via a fixed schedule, on by default with opt-out system
Automatically and silently, with no option to run unpatched

Leave a comment
View 19 comments
Jobs Recruit Sidebar

Malware Prevalence

Dropper-misc |################|
Waledac |###############|
Agent |###########|
NetSky |#######|
Invoice |######|
 View this month's full report
Virus Bulletin currently has 165,683 registered users.