[Home ] [Archive]   [ فارسی ]  
:: Main :: About :: Current Issue :: Archive :: Search :: Submit :: Contact ::
:: Volume 7, Issue 1 (3-2019) ::
3 2019, 7(1): 87-96 Back to browse issues page
Metamorphic Malware Identification Combining Static and Dynamic Analyzes
Hadi Golbaghi, Mojtaba Vahidi asl , Alireza Khalilian
Abstract:   (368 Views)
Malware writers leverage several techniques for thwarting the detection method of antimalware software. An effective technique is applying obfuscation techniques to make metamorphic malware. Metamorphism modifies the code structure in a way that while retaining the behavior, the pattern and structure of the code is changed. Recently, researchers have proposed a new method for metamorphic malware detection that works based on static analysis of malware code. However, some obfuscation techniques exist that when applied, the efficacy of static analyzes is adversely affected. To overcome this issue, in this paper, we apply a dynamic analysis in addition to static analysis. The new method elicits some information from both static and dynamic analyzes, combines them, and uses the resultant information to learn a classifier. The obtained classifier is then used to detect a new instance of an existing family of metamorphic malwares. In fact, the combination of both static and dynamic information is intended to address the weaknesses of each individual analysis and leads to an overall better effectiveness. In order to evaluate the proposed method, experiments on 450 files including benign files and 5 families of metamorphic malwares, namely MPCGEN, G2, VLC, NGVCK, and MWOR, have been conducted. The experiments were performed in three cases: static analysis, dynamic analysis, and the combination of both. The results of comparison among three cases show that metamorphic malware detection is not reached to 100 percent precision via either static or dynamic analysis individually. However, using the combination of both static and dynamic information could have consistently led to detection with 100 percent precision, which have been measured using ROC metric.
Keywords: Malware, Metamorphic, Obfuscation, Static analysis, Dynamic analysis
Full-Text [PDF 3016 kb]   (130 Downloads)    
Type of Study: Scientific research | Subject: Special
Received: 2017/11/21 | Accepted: 2019/03/6 | Published: 2019/03/6
Send email to the article author

Add your comments about this article
Your username or Email:

CAPTCHA


XML   Persian Abstract   Print


Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:

golbaghi H, vahidi asl M, khalilian A. Metamorphic Malware Identification Combining Static and Dynamic Analyzes. 3. 2019; 7 (1) :87-96
URL: http://monadi.isc.org.ir/article-1-113-en.html


Volume 7, Issue 1 (3-2019) Back to browse issues page
دوفصل نامه علمی ترویجی منادی امنیت فضای تولید و تبادل اطلاعات( افتا) Biannual Journal Monadi for Cyberspace Security (AFTA)
Persian site map - English site map - Created in 0.06 seconds with 32 queries by YEKTAWEB 3961