Authors: Jared Lee; Thomas H. Austin; Mark Stamp
Addresses: Department of Computer Science, San Jose State University San Jose, CA 95192, USA ' Department of Computer Science, San Jose State University San Jose, CA 95192, USA ' Department of Computer Science, San Jose State University San Jose, CA 95192, USA
Abstract: Recent work has shown that a technique based on structural entropy measurement provides an effective means of detecting metamorphic malware. This previous work relies on file segmentation using transform techniques. In other previous work, a method based on estimating Kolmogorov complexity using compression ratios has shown promise for malware detection. In this paper, we attempt to improve on these previous techniques by combining the main features of each. Specifically, we use compression ratios and transform techniques for file segmentation. The resulting file segment information is then used to compute scores between pairs of executable files. We test our proposed technique on challenging families of metamorphic malware and we compare our results to relevant previous work.
Keywords: compression ratios; transform techniques; file segmentation; metamorphic malware; structural entropy; malware detection; network security.
International Journal of Security and Networks, 2015 Vol.10 No.2, pp.124 - 136
Available online: 05 Jul 2015Full-text access for editors Access for subscribers Purchase this article Comment on this article