Morphing engines classification by code histogram

Morphing engines or mutation engines are exploited by metamorphic virus to change the code appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques...

Full description

Saved in:

Bibliographic Details
Main Authors:	Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud
Format:	Conference or Workshop Item
Language:	English
Published:	2011
Subjects:	QA76 Computer software
Online Access:	http://eprints.sunway.edu.my/94/1/ICS2011_03.pdf http://eprints.sunway.edu.my/94/
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Sunway University
Language:	English

id	my.sunway.eprints.94
record_format	eprints
spelling	my.sunway.eprints.942013-05-09T02:56:07Z http://eprints.sunway.edu.my/94/ Morphing engines classification by code histogram Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud, QA76 Computer software Morphing engines or mutation engines are exploited by metamorphic virus to change the code appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques try to convert the binary sequence of the code, in some techniques, the statistical feature of the code binaries will be still remain unchanged, relatively. Accordingly, this feature can be utilized to classify the engine and detect the morphed virus code. In this article, we are going to introduce a new idea to classify the obfuscation engines based on their code statistical feature using the histogram comparison. 2011-06 Conference or Workshop Item PeerReviewed text en http://eprints.sunway.edu.my/94/1/ICS2011_03.pdf Babak Bashari Rad, and Maslin Masrom, and Suhaimi Ibrahim, and Zalina Mohd Daud, (2011) Morphing engines classification by code histogram. In: Symposium on Information & Computer Sciences (1st).
institution	Sunway University
building	Sunway Campus Library
collection	Institutional Repository
continent	Asia
country	Malaysia
content_provider	Sunway University
content_source	Sunway Institutional Repository
url_provider	http://eprints.sunway.edu.my/
language	English
topic	QA76 Computer software
spellingShingle	QA76 Computer software Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud, Morphing engines classification by code histogram
description	Morphing engines or mutation engines are exploited by metamorphic virus to change the code appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques try to convert the binary sequence of the code, in some techniques, the statistical feature of the code binaries will be still remain unchanged, relatively. Accordingly, this feature can be utilized to classify the engine and detect the morphed virus code. In this article, we are going to introduce a new idea to classify the obfuscation engines based on their code statistical feature using the histogram comparison.
format	Conference or Workshop Item
author	Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud,
author_facet	Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud,
author_sort	Babak Bashari Rad,
title	Morphing engines classification by code histogram
title_short	Morphing engines classification by code histogram
title_full	Morphing engines classification by code histogram
title_fullStr	Morphing engines classification by code histogram
title_full_unstemmed	Morphing engines classification by code histogram
title_sort	morphing engines classification by code histogram
publishDate	2011
url	http://eprints.sunway.edu.my/94/1/ICS2011_03.pdf http://eprints.sunway.edu.my/94/
_version_	1644324240588013568

Morphing engines classification by code histogram

Similar Items