[Home ] [Archive]   [ فارسی ]  
:: Main :: About :: Current Issue :: Archive :: Search :: Submit :: Contact ::
Main Menu
Home::
Journal Information::
Articles archive::
For Authors::
For Reviewers::
Registration::
Site Facilities::
Indexing::
Contact us::
::
Search in website

Advanced Search
..
Receive site information
Enter your Email in the following box to receive the site news and information.
..
Print ISSN
Print ISSN: 2476-3047
..
:: Volume 7, Issue 1 (9-2018) ::
منادی 2018, 7(1): 87-96 Back to browse issues page
Metamorphic Malware Identification Combining Static and Dynamic Analyzes
Hadi Golbaghi , Mojtaba Vahidi asl * , Alireza Khalilian
Abstract:   (2546 Views)
Malware writers leverage several techniques for thwarting the detection method of antimalware software. An effective technique is applying obfuscation techniques to make metamorphic malware. Metamorphism modifies the code structure in a way that while retaining the behavior, the pattern and structure of the code is changed. Recently, researchers have proposed a new method for metamorphic malware detection that works based on static analysis of malware code. However, some obfuscation techniques exist that when applied, the efficacy of static analyzes is adversely affected. To overcome this issue, in this paper, we apply a dynamic analysis in addition to static analysis. The new method elicits some information from both static and dynamic analyzes, combines them, and uses the resultant information to learn a classifier. The obtained classifier is then used to detect a new instance of an existing family of metamorphic malwares. In fact, the combination of both static and dynamic information is intended to address the weaknesses of each individual analysis and leads to an overall better effectiveness. In order to evaluate the proposed method, experiments on 450 files including benign files and 5 families of metamorphic malwares, namely MPCGEN, G2, VLC, NGVCK, and MWOR, have been conducted. The experiments were performed in three cases: static analysis, dynamic analysis, and the combination of both. The results of comparison among three cases show that metamorphic malware detection is not reached to 100 percent precision via either static or dynamic analysis individually. However, using the combination of both static and dynamic information could have consistently led to detection with 100 percent precision, which have been measured using ROC metric.
Keywords: Malware, Metamorphic, Obfuscation, Static analysis, Dynamic analysis
Full-Text [PDF 3016 kb]   (675 Downloads)    
Type of Study: Research Article | Subject: Special
Received: 2017/11/21 | Accepted: 2019/03/6 | Published: 2019/03/6
Send email to the article author

Add your comments about this article
Your username or Email:

CAPTCHA


XML   Persian Abstract   Print


Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:

golbaghi H, vahidi asl M, khalilian A. Metamorphic Malware Identification Combining Static and Dynamic Analyzes. منادی 2018; 7 (1) :87-96
URL: http://monadi.isc.org.ir/article-1-113-en.html


Rights and permissions
Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Volume 7, Issue 1 (9-2018) Back to browse issues page
دوفصل نامه علمی  منادی امنیت فضای تولید و تبادل اطلاعات( افتا) Biannual Journal Monadi for Cyberspace Security (AFTA)
Persian site map - English site map - Created in 0.05 seconds with 39 queries by YEKTAWEB 4645