Srinivas Mukkamala
New Mexico Tech
USA
Andrew Sung
New Mexico Tech
USA
Dennis Xu
New Mexico Tech
USA
Patrick Chavez
New Mexico Tech
USA
Software security assurance and malware detection are important aspects of information system assurance. Software obfuscation, a general technique used to protect software from reverse engineering, is being used by malware writers to circumvent current detection mechanisms (anti-virus tools). Current static scanning techniques for malware detection have serious limitations; on the other hand, sandbox testing does not provide a complete solution either, due to time constraints (e.g., a time bomb cannot be detected before its preset time expires).
In this paper, we present robust and unique signature-based malware (viruses, worms, trojans, etc.) detection, with emphasis on detecting obfuscated (or polymorphic) malware and mutated (or metamorphic) malware. The hypothesis is that all versions of the same malware share a common core signature, possibly a second-order signature that is a combination of several features of the code. After a particular malware has been first identified (through sandbox testing or other means), it can be analyzed to extract the signature, which provides a basis for detecting variants and mutants of the same malware in the future.
Keywords: Malware detection, Obfuscation, Malicious code detection, Anti virus tools