An enhanced performance model for metamorphic computer virus classification and detection

A metamorphic computer virus employs various code mutation techniques to change its code and produce new generations. These generations have similar behavior and functionality, yet they cannot be detected by most commercial antivirus products because their solutions depend on a signature database and make...

Bibliographic Details
Main Author: Basharirad, Babak
Format: Thesis
Language: English
Published: 2013
Subjects: QA Mathematics
Online Access: http://eprints.utm.my/id/eprint/38026/5/BabakBashariradPFSKSM2013.pdf
http://eprints.utm.my/id/eprint/38026/
id my.utm.38026
record_format eprints
spelling my.utm.38026 2018-04-12T05:41:25Z http://eprints.utm.my/id/eprint/38026/
2013-10 Thesis NonPeerReviewed application/pdf en http://eprints.utm.my/id/eprint/38026/5/BabakBashariradPFSKSM2013.pdf Basharirad, Babak (2013) An enhanced performance model for metamorphic computer virus classification and detection. PhD thesis, Universiti Teknologi Malaysia, Faculty of Computing.
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
language English
topic QA Mathematics
description A metamorphic computer virus employs various code mutation techniques to change its code and produce new generations. These generations have similar behavior and functionality, yet they cannot be detected by most commercial antivirus products because their solutions depend on a signature database and use string signature-based detection methods. However, the antivirus detection engine can be evaded by metamorphism techniques. The purpose of this study is to develop a performance model based on computer virus classification and detection. The model is also able to examine portable executable files in order to classify and detect metamorphic computer viruses. A Hidden Markov Model implemented on portable executable files was employed to classify and detect the metamorphic viruses. The proposed model, which produces common virus statistical patterns, was evaluated by comparing its results with previous related work and with well-known commercial antivirus products. This was done by investigating the metamorphic computer viruses and their features, and the existing classification and detection methods. Specifically, the model was applied to the binary format of portable executable files and was able to classify whether the files belonged to a virus family. In addition, the performance of the model, practically implemented and tested, was evaluated based on detection rate and overall accuracy. The findings indicated that the proposed model is able to classify and detect metamorphic virus variants in portable executable file format with a high average detection rate of 99.7%. The implementation of the model is proven useful and applicable for antivirus programs.
format Thesis
author Basharirad, Babak
title An enhanced performance model for metamorphic computer virus classification and detection
publishDate 2013
url http://eprints.utm.my/id/eprint/38026/5/BabakBashariradPFSKSM2013.pdf
http://eprints.utm.my/id/eprint/38026/