Call for Paper - May 2023 Edition
IJCA solicits original research papers for the May 2023 Edition. Last date of manuscript submission is April 20, 2023. Read More

Evolution and Detection of Polymorphic and Metamorphic Malwares: A Survey

International Journal of Computer Applications
© 2014 by IJCA Journal
Volume 90 - Number 2
Year of Publication: 2014
Ashu Sharma
S. K. Sahay

Ashu Sharma and S K Sahay. Article: Evolution and Detection of Polymorphic and Metamorphic Malwares: A Survey. International Journal of Computer Applications 90(2):7-11, March 2014. Full text available. BibTeX

	author = {Ashu Sharma and S. K. Sahay},
	title = {Article: Evolution and Detection of Polymorphic and Metamorphic Malwares: A Survey},
	journal = {International Journal of Computer Applications},
	year = {2014},
	volume = {90},
	number = {2},
	pages = {7-11},
	month = {March},
	note = {Full text available}


Malwares are big threat to digital world and evolving with high complexity. It can penetrate networks, steal confidential information from computers, bring down servers and can cripple infrastructures etc. To combat the threat/attacks from the malwares, anti- malwares have been developed. The existing anti-malwares are mostly based on the assumption that the malware structure does not changes appreciably. But the recent advancement in second generation malwares can create variants and hence posed a challenge to anti-malwares developers. To combat the threat/attacks from the second generation malwares with low false alarm we present our survey on malwares and its detection techniques.


  • Symantec Corporation. 2012 Symantec Internet Security Threat Report, Symantec
  • Stone, R. "A Call to Cyber Arms", Science (New York, N. Y. ), 2013, 339: 10261027.
  • Bencsath, B. , Pek, G. , Buttyan, L. and Felegyhazi, M. Duqu: A Stuxnet-like malware found in the wild, CrySyS Lab, BME, Technical Report Version 0. 93, 2011.
  • Operaons, I. F. and Daly, M. K. The Advanced Persistent Threat Usenix, Nov, 2009, 4.
  • Malin, C. , Casey, E. and Aquilina, J. "Linux Malware Incident Response: A Practitioners Guide to Forensic Collection and Examination of volatile Data", 1st ed. Elsevier, USA, 2013, 89.
  • F. Labs, F-Secure H1 2013 Threat Report, 2013. 10
  • B. M. Labs, McAfee Threats Report: First Quarter 2012, 2012.
  • Szor, P. "The Art of Computer Virus and defence", 1st ed. Symantec press, US, 2005, 35-44
  • You, I. and Yim, K. "Malware Obfuscation Techniques: A Brief Survey, Proceedings of IEEE International Conference on Broadband, Wireless Computing, Communication and Applications, Fukuoka, 2010, Nov 4-6, 297300.
  • Rad, B. , Masrom, M. and Ibrahim, S. "Camouflage in Malware: From Encryption to Metamorphism", International Journal of Computer Science and Network Security, 2012, 12: 74-83.
  • Beaucamps, P. "Advanced polymorphic techniques International Journal of Computer Science", 2001, 25: 400411.
  • Rad, B. B. , Masrom, M. and Ibrahim, S. "Evolution of Computer Virus Concealment and Anti-Virus Techniques: A Short Survey, International Journal of Computer Science Issues, 2011, 8:113121.
  • Shah, A. Approximate Disassembly using Dynamic Programming [PhD. Thesis], San Jose State University, US, 2010.
  • Cho, Y. and Mangione-Smith, W. High-performance context-free parser for polymorphic malware detection, United States Patent US 2006113722, 2009 April 18.
  • Austin, T. H. , Filiol, E. , Josse, and Stamp, S. M. "Exploring Hidden Markov Models for Virus Analysis: A Semantic Approach, Proceedings of the 46th Hawaii International Conference on System Sciences, Wailea, HI, USA, 2013, Jan 7-10, 50395048.
  • Ferrie, P. , Corporation, S. and Monica, S. "HUNTING FOR METAMORPHIC", Proceedings of the Virus Bulletin Conference 2001, Czech Republic, Prague, 2001 Sep 27-28, 123144.
  • Griffin, K. , Schneider, S. , Hu, X. and Chiueh, T. "Automatic generation of string signatures for malware detection", Proceedings of the 12th International Symposium, RAID 2009, Sep 23- 25, 129.
  • Ddcreateur, ANTIVIRUS 2004, [Database on the Internet]. Codes-sources library. [updated 2004 March 26; cited 2013 Oct 1]. Available from http://files. Cod es-sources. com/fichierfullscreen. aspx?id=21418&f=virus signatures. txt&lang=en
  • Tran, N. and Lee, M. "High performance string matching for security applications", Proceedings of the International Conference on ICT for Smart Society, Jakarta 2013 June 13-14, 15. 11
  • Harley, D. and Lee, A. "Heuristic AnalysisDetecting Unknown Viruses", [White paper] Eset, 2007, [cited 2013 Oct 1]. Available from http://www. eset. Com /us/resources/white-papers/Heu- ristic Analysis. pdf
  • Del Grosso, N. "Its Time to Rethink your Corporate Malware Strategy", [White paper] SANS Institute Reading Room site, 2002, [cited 2013 Oct 1]. Available from http://www. sans. org/readingroom/whitepapers/ malicious/its-time-rethink-corporate-malwarestrategy124
  • Mathur, K. and Hiranwai, S. "A Survey on Techniques in Detection and Analyzing Malware Executables". International Journal of Advanced Research in Computer Science and Software Engineering, 2013, 3: 422428.
  • Wong, W. and Stamp, M. "Hunting for metamorphic engines", Journal in Computer Virology, 2006, 2: 211229.
  • Govindaraju, A. Exhaustive Statistical Analysis for Detection of Metamorphic Malware [MS Project], San Jose State University, US, 2010.
  • Mitchell, T. M. "Machine learning", Burr Ridge, IL: McGraw Hill, 1997.
  • Moskovitch, R. , Yuval, E. and Lior, R. "Detection of unknown computer worms based on behavioral classification of the host", Computational Statistics & Data Analysis, 2008, 52: 4544-4566.
  • Alazab, M. and Venkatraman, S. "Zero-day malware detection based on supervised learning algorithms of api call signatures", Proceedings of the Ninth Australasian Data Mining Conference, Ballarat, Australia 2011 Nov, 121: 171182.
  • Moskovitch, R. , Elovici, Y. and Rokach, L. "Detection of unknown computer worms based on behavioral classification of the host, Computational Statistics & Data Analysis, 2008, 52:45444566.
  • Siddiqui, M. , Wang, M. C. and Lee, J. "A survey of data mining techniques for malware detection using file features, Proceedings of the 46th Annual Southeast Regional Conference, New York, USA, 2008, March 28-28, 509-510.
  • Xu, M. , Wu, L. , Qi, S. , Xu, J. , Zhang, H. , Ren, Y. and Zheng, N. "A similarity metric method of obfuscated malware using function-call graph", Journal of Computer Virology and Hacking Techniques. 2013, 9: 3547. 12
  • Xu, J. , Sung, A. H. , Chavez, P. and Mukkamala, S. "Polymorphic malicious executable scanner by API sequence analysis", Proceedings of the Fourth International Conference on Hybrid Intelli- gent Systems, Kitakyushu, Japan, 2004, Dec 5-8, 378-383.
  • Christodorescu, M. , Johannes, K. , Jha, S. , Katzenbeisser, S. and Veith, H. "Malware Normalization", University of Wisconsin, Madison, Wisconsin, USA, 2005 November. Report No: 1539.
  • Armoun, S. E. and Hashemi, S. "A General Paradigm for Normalizing Metamorphic Malwares, Proceedings of the 10th International Conference on Frontiers of Information Technology, Islamabad, Pakistan, 2012, Dec 17-19, 348353.
  • Toderici, A. and Stamp, M. "Chi-squared distance and metamorphic virus detection, Journal in Computer Virology, 2012, 9: 1-14.
  • B Rad, B. B. , Masrom, M. and Ibrahim, S. "Morphed Virus Family Classification Based on Opcodes Statistical Feature Using Decision Tree, Proceedings of the International Conference, ICIEIS 2011, Kuala Lumpur, Malaysia, 2011, November 12-14, 123131.
  • Bertoni, G. , Daemen, J. , Peeters, M. and Van Assche, G. "Keccak sponge function family main document, Submission to NIST (Round 2), 2009, 3: 1-93.
  • New, T. and Vector, T. "Beyond Signature-Based Anti-virus: New Threat Vectors Drive Need for Proactive Antimalware are Protection, [White paper] Eset, 2010, [cited 2013 Oct 1]. Available from: http://www. eset. com/us/resources/whitepapers/ESETIDC-VendorSpotlig ht July2007. pdf
  • Zheng, M. , Sun, M. and Lui, J. "Droid Analytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware", Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 13), Melbourne, Australia, July 2013.
  • Mila, Mobile malware mini dump [Database on the Internet] Contagio Mobile [updated 2013 Sep 17; cited 2013 Oct 1], Available from: http://contagiominidump . blogspot. in