Int. J. of Security and Networks   »   2015 Vol.10, No.2

 

 

Title: Compression-based analysis of metamorphic malware

 

Authors: Jared Lee; Thomas H. Austin; Mark Stamp

 

Addresses:
Department of Computer Science, San Jose State University, San Jose, CA 95192, USA
Department of Computer Science, San Jose State University, San Jose, CA 95192, USA
Department of Computer Science, San Jose State University, San Jose, CA 95192, USA

 

Abstract: Recent work has shown that a technique based on structural entropy measurement provides an effective means of detecting metamorphic malware. This previous work relies on file segmentation using transform techniques. In other previous work, a method based on estimating Kolmogorov complexity using compression ratios has shown promise for malware detection. In this paper, we attempt to improve on these previous techniques by combining the main features of each. Specifically, we use compression ratios and transform techniques for file segmentation. The resulting file segment information is then used to compute scores between pairs of executable files. We test our proposed technique on challenging families of metamorphic malware and we compare our results to relevant previous work.

 

Keywords: compression ratios; transform techniques; file segmentation; metamorphic malware; structural entropy; malware detection; network security.

 

DOI: 10.1504/IJSN.2015.070426

 

Int. J. of Security and Networks, 2015 Vol.10, No.2, pp.124 - 136

 

Submission date: 09 Dec 2014
Date of acceptance: 17 Feb 2015
Available online: 05 Jul 2015

 

 
