Opcodes histogram for classifying metamorphic portable executables malware

Malware writers attempt to generate different shapes of a malware to evade the signature-based scanners. As the number of variants of a metamorphic malware is increased, the analysis of all variants and selecting the appropriate signature and updating the database of the antivirus becomes more tires...

Bibliographic Details
Main Authors: Masrom, Maslin, Ibrahim, Suahimi
Format: Conference or Workshop Item
Published: 2012
Online Access: http://eprints.utm.my/id/eprint/34159/
http://ieeexplore.ieee.org/document/6333411/
id my.utm.34159
record_format eprints
spelling my.utm.34159 (2017-09-28T06:49:10Z). Masrom, Maslin and Ibrahim, Suahimi (2012) Opcodes histogram for classifying metamorphic portable executables malware. In: The International Conference on E-Learning and E-Technologies in Education (ICEEE 2012), 24-26 Sept 2012, Lodz, Poland. PeerReviewed. http://ieeexplore.ieee.org/document/6333411/
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
topic T58.5-58.64 Information technology
description Malware writers attempt to generate different shapes of a malware to evade the signature-based scanners. As the number of variants of a metamorphic malware is increased, the analysis of all variants and selecting the appropriate signature and updating the database of the antivirus becomes more tiresome and time-consuming. Furthermore, for automated generated metamorphic viruses, which utilize the virus kits to produce different instances, sometimes it is not possible to analyze all of them. Therefore, use of some classification methods to speed up the analysis process is necessary. In this paper, we show how the histogram of instructions opcodes can help us in classification of metamorphic virus family variants.
format Conference or Workshop Item
author Masrom, Maslin
Ibrahim, Suahimi