Title: Compression-based analysis of metamorphic malware

Authors: Jared Lee; Thomas H. Austin; Mark Stamp

Addresses: Department of Computer Science, San Jose State University San Jose, CA 95192, USA ' Department of Computer Science, San Jose State University San Jose, CA 95192, USA ' Department of Computer Science, San Jose State University San Jose, CA 95192, USA

Abstract: Recent work has shown that a technique based on structural entropy measurement provides an effective means of detecting metamorphic malware. This previous work relies on file segmentation using transform techniques. In other previous work, a method based on estimating Kolmogorov complexity using compression ratios has shown promise for malware detection. In this paper, we attempt to improve on these previous techniques by combining the main features of each. Specifically, we use compression ratios and transform techniques for file segmentation. The resulting file segment information is then used to compute scores between pairs of executable files. We test our proposed technique on challenging families of metamorphic malware and we compare our results to relevant previous work.

Keywords: compression ratios; transform techniques; file segmentation; metamorphic malware; structural entropy; malware detection; network security.

DOI: 10.1504/IJSN.2015.070426

International Journal of Security and Networks, 2015 Vol.10 No.2, pp.124 - 136

Received: 13 Dec 2014
Accepted: 17 Feb 2015
Published online: 05 Jul 2015 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article