Design and development of a hybrid metamorphic portable executable malware detection system
Main Author: | |
---|---|
Format: | text |
Language: | English |
Published: | Animo Repository 2022 |
Subjects: | |
Online Access: | https://animorepository.dlsu.edu.ph/etdm_ece/29 https://animorepository.dlsu.edu.ph/context/etdm_ece/article/1027/viewcontent/DESIGN2_AND_DEVELOPMENT_OF_A_HYBRID_METAMORPHIC_PORTABLE_EXECUTABL.pdf |
Institution: | De La Salle University |
Summary: | This research paper proposes the design and development of a hybrid metamorphic malware analysis system for Portable Executable (PE) malware. PE files are regular executables, object code, and Dynamic Link Library (DLL) files commonly used in 32-bit and 64-bit versions of Windows operating systems. The problem when PE malware goes undetected is its ability to install rootkits, worms, trojans, etc. Popular approaches in the literature suggest the use of signature-based detection. Although most studies produce high accuracy, the increasing popularity of metamorphic malware poses a challenge to signature-based detection, as metamorphic malware has the ability to rewrite its code to appear benign. Hence, behavior-based detection is more useful in analyzing these types of malware. The downside of this technique is the time it takes to analyze the malware. Hence, this research proposes to design and develop a hybrid analysis system that uses both static and dynamic analysis to improve the overall accuracy and processing time of metamorphic PE malware detection. The signature-based detection of the malware will use a random forest classifier. The dynamic analysis of the system will use sequential learning. |
---|