Cite Article

Metamorphic Virus Detection in Portable Executables Using Opcodes Statistical Feature

BibTeX

@article{IJASEIT82,
   author = {Babak Bashari Rad and Maslin Masrom},
   title = {Metamorphic Virus Detection in Portable Executables Using Opcodes Statistical Feature},
   journal = {International Journal on Advanced Science, Engineering and Information Technology},
   volume = {1},
   number = {4},
   year = {2011},
   pages = {403--408},
   keywords = {Metamorphic Virus; Obfuscation Techniques; Virus Detection; Opcode Frequency Histogram},
   abstract = {Metamorphic viruses engage different mutation techniques to escape from string signature based scanning. They try to change their code in new offspring so that the variants appear non-similar and have no common sequences of string as signature. However, all versions of a metamorphic virus have similar task and performance. This obfuscation process helps to keep them safe from the string based signature detection. In this study, we make use of instructions statistical features to compare the similarity of two hosted files probably occupied by two mutated forms of a specific metamorphic virus. The introduced solution in this paper is relied on static analysis and employs the frequency histogram of machine opcodes in different instances of obfuscated viruses. We use Minkowski-form histogram distance measurements in order to check the likeness of portable executables (PE). The purpose of this research is to present an idea that for a number of special obfuscation approaches the presented solution can be used to identify morphed copies of a file. Thus, it can be applied by antivirus scanner to recognize different versions of a metamorphic virus.},
   issn = {2088-5334},
   publisher = {INSIGHT - Indonesian Society for Knowledge and Human Development},
   url = {http://ijaseit.insightsociety.org/index.php?option=com_content&view=article&id=9&Itemid=1&article_id=82},
   doi = {10.18517/ijaseit.1.4.82}
}

EndNote

%A Rad, Babak Bashari
%A Masrom, Maslin
%D 2011
%T Metamorphic Virus Detection in Portable Executables Using Opcodes Statistical Feature
%B 2011
%9 Metamorphic Virus; Obfuscation Techniques; Virus Detection; Opcode Frequency Histogram
%! Metamorphic Virus Detection in Portable Executables Using Opcodes Statistical Feature
%K Metamorphic Virus; Obfuscation Techniques; Virus Detection; Opcode Frequency Histogram
%X Metamorphic viruses engage different mutation techniques to escape from string signature based scanning. They try to change their code in new offspring so that the variants appear non-similar and have no common sequences of string as signature. However, all versions of a metamorphic virus have similar task and performance. This obfuscation process helps to keep them safe from the string based signature detection. In this study, we make use of instructions statistical features to compare the similarity of two hosted files probably occupied by two mutated forms of a specific metamorphic virus. The introduced solution in this paper is relied on static analysis and employs the frequency histogram of machine opcodes in different instances of obfuscated viruses. We use Minkowski-form histogram distance measurements in order to check the likeness of portable executables (PE). The purpose of this research is to present an idea that for a number of special obfuscation approaches the presented solution can be used to identify morphed copies of a file. Thus, it can be applied by antivirus scanner to recognize different versions of a metamorphic virus.
%U http://ijaseit.insightsociety.org/index.php?option=com_content&view=article&id=9&Itemid=1&article_id=82
%R doi:10.18517/ijaseit.1.4.82
%J International Journal on Advanced Science, Engineering and Information Technology
%V 1
%N 4
%@ 2088-5334

IEEE

Babak Bashari Rad and Maslin Masrom, "Metamorphic Virus Detection in Portable Executables Using Opcodes Statistical Feature," International Journal on Advanced Science, Engineering and Information Technology, vol. 1, no. 4, pp. 403-408, 2011. [Online]. Available: http://dx.doi.org/10.18517/ijaseit.1.4.82.

RefMan/ProCite (RIS)

TY  - JOUR
AU  - Rad, Babak Bashari
AU  - Masrom, Maslin
PY  - 2011
TI  - Metamorphic Virus Detection in Portable Executables Using Opcodes Statistical Feature
JF  - International Journal on Advanced Science, Engineering and Information Technology; Vol. 1 (2011) No. 4
Y2  - 2011
SP  - 403
EP  - 408
SN  - 2088-5334
PB  - INSIGHT - Indonesian Society for Knowledge and Human Development
KW  - Metamorphic Virus; Obfuscation Techniques; Virus Detection; Opcode Frequency Histogram
N2  - Metamorphic viruses engage different mutation techniques to escape from string signature based scanning. They try to change their code in new offspring so that the variants appear non-similar and have no common sequences of string as signature. However, all versions of a metamorphic virus have similar task and performance. This obfuscation process helps to keep them safe from the string based signature detection. In this study, we make use of instructions statistical features to compare the similarity of two hosted files probably occupied by two mutated forms of a specific metamorphic virus. The introduced solution in this paper is relied on static analysis and employs the frequency histogram of machine opcodes in different instances of obfuscated viruses. We use Minkowski-form histogram distance measurements in order to check the likeness of portable executables (PE). The purpose of this research is to present an idea that for a number of special obfuscation approaches the presented solution can be used to identify morphed copies of a file. Thus, it can be applied by antivirus scanner to recognize different versions of a metamorphic virus.
UR  - http://ijaseit.insightsociety.org/index.php?option=com_content&view=article&id=9&Itemid=1&article_id=82
DO  - 10.18517/ijaseit.1.4.82

RefWorks

RT Journal Article
ID 82
A1 Rad, Babak Bashari
A1 Masrom, Maslin
T1 Metamorphic Virus Detection in Portable Executables Using Opcodes Statistical Feature
JF International Journal on Advanced Science, Engineering and Information Technology
VO 1
IS 4
YR 2011
SP 403
OP 408
SN 2088-5334
PB INSIGHT - Indonesian Society for Knowledge and Human Development
K1 Metamorphic Virus; Obfuscation Techniques; Virus Detection; Opcode Frequency Histogram
AB Metamorphic viruses engage different mutation techniques to escape from string signature based scanning. They try to change their code in new offspring so that the variants appear non-similar and have no common sequences of string as signature. However, all versions of a metamorphic virus have similar task and performance. This obfuscation process helps to keep them safe from the string based signature detection. In this study, we make use of instructions statistical features to compare the similarity of two hosted files probably occupied by two mutated forms of a specific metamorphic virus. The introduced solution in this paper is relied on static analysis and employs the frequency histogram of machine opcodes in different instances of obfuscated viruses. We use Minkowski-form histogram distance measurements in order to check the likeness of portable executables (PE). The purpose of this research is to present an idea that for a number of special obfuscation approaches the presented solution can be used to identify morphed copies of a file. Thus, it can be applied by antivirus scanner to recognize different versions of a metamorphic virus.
LK http://ijaseit.insightsociety.org/index.php?option=com_content&view=article&id=9&Itemid=1&article_id=82
DO 10.18517/ijaseit.1.4.82