Research Article

Detecting and Classifying Morphed Malwares: A Survey

by Sanjam Singla, Ekta Gandotra, Divya Bansal, Sanjeev Sofat
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 122 - Number 10
Year of Publication: 2015
10.5120/21738-4937

Sanjam Singla, Ekta Gandotra, Divya Bansal, Sanjeev Sofat. Detecting and Classifying Morphed Malwares: A Survey. International Journal of Computer Applications. 122, 10 (July 2015), 28-33. DOI=10.5120/21738-4937

@article{ 10.5120/21738-4937,
author = { Sanjam Singla and Ekta Gandotra and Divya Bansal and Sanjeev Sofat },
title = { Detecting and Classifying Morphed Malwares: A Survey },
journal = { International Journal of Computer Applications },
issue_date = { July 2015 },
volume = { 122 },
number = { 10 },
month = { July },
year = { 2015 },
issn = { 0975-8887 },
pages = { 28-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume122/number10/21738-4937/ },
doi = { 10.5120/21738-4937 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Most antivirus companies today face immense difficulty in detecting morphed malware, which conceals itself from detection. Malware uses various techniques to camouflage itself so as to increase its lifetime. These obscuring methods cannot completely impede analysis, but they prolong the process of analysis and detection. This paper presents a review of malware detection systems and the progress made in detecting advanced malware, which will serve as a reference for researchers interested in working on advanced malware detection systems.

Index Terms

Computer Science
Information Sciences

Keywords

Malware Evolution Polymorphic Oligomorphic Metamorphic Obfuscation Decryptor and Encryptor