Morphing engines classification by code histogram
Morphing engines or mutation engines are exploited by metamorphic virus to change the code appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques...
| Main Authors: | , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2011
|
| Subjects: | |
| Online Access: | http://eprints.sunway.edu.my/94/ http://eprints.sunway.edu.my/94/1/ICS2011_03.pdf |
| _version_ | 1848801744750903296 |
|---|---|
| author | Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud, |
| author_facet | Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud, |
| author_sort | Babak Bashari Rad, |
| building | SU Institutional Repository |
| collection | Online Access |
| description | Morphing engines or mutation engines are exploited by metamorphic virus to change the code appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques try to convert the binary sequence of the code, in some techniques, the statistical feature of the code binaries will be still remain unchanged, relatively. Accordingly, this feature can be utilized to classify the engine and detect the morphed virus code. In this article, we are going to introduce a new idea to classify the obfuscation engines based on their code statistical feature using the histogram comparison. |
| first_indexed | 2025-11-14T21:12:20Z |
| format | Conference or Workshop Item |
| id | sunway-94 |
| institution | Sunway University |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-14T21:12:20Z |
| publishDate | 2011 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | sunway-942013-05-09T02:56:07Z http://eprints.sunway.edu.my/94/ Morphing engines classification by code histogram Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud, QA76 Computer software Morphing engines or mutation engines are exploited by metamorphic virus to change the code appearance in every new generation. The purpose of these engines is to escape from the signature-based scanner, which employs a unique string signature to detect the virus. Although the obfuscation techniques try to convert the binary sequence of the code, in some techniques, the statistical feature of the code binaries will be still remain unchanged, relatively. Accordingly, this feature can be utilized to classify the engine and detect the morphed virus code. In this article, we are going to introduce a new idea to classify the obfuscation engines based on their code statistical feature using the histogram comparison. 2011-06 Conference or Workshop Item PeerReviewed text en http://eprints.sunway.edu.my/94/1/ICS2011_03.pdf Babak Bashari Rad, and Maslin Masrom, and Suhaimi Ibrahim, and Zalina Mohd Daud, (2011) Morphing engines classification by code histogram. In: Symposium on Information & Computer Sciences (1st). |
| spellingShingle | QA76 Computer software Babak Bashari Rad, Maslin Masrom, Suhaimi Ibrahim, Zalina Mohd Daud, Morphing engines classification by code histogram |
| title | Morphing engines classification by code histogram |
| title_full | Morphing engines classification by code histogram |
| title_fullStr | Morphing engines classification by code histogram |
| title_full_unstemmed | Morphing engines classification by code histogram |
| title_short | Morphing engines classification by code histogram |
| title_sort | morphing engines classification by code histogram |
| topic | QA76 Computer software |
| url | http://eprints.sunway.edu.my/94/ http://eprints.sunway.edu.my/94/1/ICS2011_03.pdf |