Mechanisms of polymorphic and metamorphic viruses

Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011

Volumn , Issue , 2011, Pages 149-154

  Li, Xufang ^a   Loh, Peter K K ^a   Tan, Freddy ^b  

^a NANYANG TECHNOLOGICAL UNIVERSITY   (Singapore)

^b Microsoft (Asia) and International Information Systems Security Certification Consortium   (United States)

Author keywords

Decyptor and encryptor; Garbage; Metamorphism; Obfuscation; Permutation; Polymorphism; Structure

Indexed keywords

DECYPTOR AND ENCRYPTOR; GARBAGE; METAMORPHISM; OBFUSCATION; PERMUTATION;

CODES (SYMBOLS); COMPUTER VIRUSES; COSINE TRANSFORMS; CRYPTOGRAPHY; INFORMATION SCIENCE; MICROORGANISMS; NETWORK SECURITY; POLYMORPHISM; STRUCTURE (COMPOSITION);

STATIC ANALYSIS;

EID: 81255167363     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/EISIC.2011.77     Document Type: Conference Paper

References (28)

1. Information Technology Security Report Lead Agency Publication R2-002, Future Trends in Malicious Code - 2006 Report.
2. McAfee. McAfee virtual criminology report, Virtually Here: The Age of Cyber Warfare, McAfee, Inc, 2009.
3. David M. Chess and Steve R. White, An Undetectable Computer Virus, Virus Bulletin Conference, Sep 2000, IBM Thomas J. Watson Research Center, Hawthorne, New York, USA.
4. Song Y, Locasto ME, Stavrou A, Keromytis AD, Stolfo SJ, On the infeasibility of modeling polymorphic shellcode, Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS), 2007.
5. Robert Lyda and Jim Hamrock, Using Entropy Analysis to Find Encrypted and Packed Malware, IEEE Security & Privacy, vol 5, pp. 40-45, 2007. (Pubitemid 46527387)
6. Adrian E. Stepan, Defeating Polymorphism beyond Emulation, Virus Bulletin Conference, October 2005.
7. Igor Santos, Felix Brezo, Javier Nieves, et al, Idea: Opcode-Sequence-Based Malware Detection, Lecture Notes in Computer Science, Engineering Secure Software and System, vol 5969, pp. 35-43, 2010.
8. Yong Tang, Bin Xiao, Xicheng Lu, Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms, Journal of Computer & Security, vol 28, pp. 827-842, 2009.
9. Yong Tang, Bin Xiao, Xicheng Lu, Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms, Journal of Computer & Security, vol 28, pp. 827-842, 2009.
10. Ulrich Bayer, Engin Kirda and Christopher Kruegel, "Improving the Efficiency of Dynamic Malware Analysis", Proceedings of the 2010 ACM Symposium on Applied Computing, Track on Information Security Research and Applications, Lusanne, Switzerland, March 2010.
11. Alsagoff, S.N, Malware self protection mechanism issues in conducting malware behavior analysis in a virtual environment as compared to a real environment, 2010 International Symposium in Information Technology (ITSim), vol 3, pp.1326-1331, September 2010.
12. Ulrich Bayer, Engin Kirda and Christopher Kruegel, Improving the Efficiency of Dynamic Malware Analysis, 25th Symposium on Applied Computing (SAC), Track on Information Security Research and Applications, 2010.
13. Younghee Park, Reeves, D.S. Identification of Bot Commands by Run-Time Execution Monitoring, Computer Security Applications Conference, ACSAC'09. pp. 321-330, 2009.
14. Roberto Perdisci, Andrea Lanzi and Wenke Lee, McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables, Proceedings of the 2008 Annual Computer Security Applications Conference, pp. 301-310, 2008.
15. Gregory Conti, Sergey Bratus, Anna Shubina, et al, Automated mapping of large binary objects using primitive fragment type classification, The proceedings of the tenth annual Digital Forensics Research conference, vol 7, pp. (7) S3-S12, August 2010.
16. Lorenzo Cavallaro, Prateek Saxena and R.Sekar, On the limits of information flow techniques for malware analysis and containment, Lecture Notes in Computer Science, Vol 5137, Detection of Intrusion and Malware, and Vulnerability Assessment, pp. 143-163, 2008.
17. Andrew Walenstein, Rachit Mathur, Mohamed R. Chouchane, Arun Lakhotia, Constructing malware normalizes using term rewriting, Journal of Computer Virology, pp. (4) 307-322, 2008.
18. Understanding and Managing Polymorphic Viruses, the Symantec Enterprise Papers (1996).
19. Szor, P and Ferrie, P, Hunting for Metamorphic, Virus Bulletin Conference (2003).
20. Evgenios Konstantinou, Stephen Wolthusen, Metamorphic Virus: Analysis and Detection, Technical Report, RHUL-MA-2008-02.
21. Polymorphic Code: http://en.wikipedia.org/wiki/Polymorphic-code
22. Pseudo-random generation algorithm: http://en.wikipedia.org/wiki/RC4
23. Spinellis, D, Reliable identification of bounded-length viruses is NP-complete. Information Theory, IEEE Transactions, Vol 49, pp. 280-284, January 2003.
24. Danilo Bruschi, Lorenzo Martignoni, Mattia Monga, Detecting self-mutating malware using control-flow graph matching, Lecture Notes in Computer Science, Detection of Intrusions and Malware & Vulnerability Assessment, Vol 4046, PP. 129-143, 2006. (Pubitemid 44124006)
25. Arlington, Virginia, Malware Detection and Classification From Byte-Patterns to Control Flow Structures to Entropic Defenses, Cyber Genome Project DARPA workshop, University of New Orleans, Department of Computer Science. December 2009.
26. Metamorphic Code: http://en.wikipedia.org/wiki/Metamorphic-code
27. Sharif, M., Lanzi, A., Giffin, J., Lee, W, Impeding malware analysis using conditional code obfuscation, In Network and Distributed System Security Symposium. San Diego, CA, 2008.
28. Peter Szor, Zmist opportunities, Virus Bulletin Conference, pp. 6-7, March 2001.