Journal in Computer Virology

, Volume 2, Issue 3, pp 211–229

Hunting for metamorphic engines

Original Paper

DOI: 10.1007/s11416-006-0028-7

Cite this article as:
Wong, W. & Stamp, M. J Comput Virol (2006) 2: 211. doi:10.1007/s11416-006-0028-7

Abstract

In this paper, we analyze several metamorphic virus generators. We define a similarity index and use it to precisely quantify the degree of metamorphism that each generator produces. Then we present a detector based on hidden Markov models and we consider a simpler detection method based on our similarity index. Both of these techniques detect all of the metamorphic viruses in our test set with extremely high accuracy. In addition, we show that popular commercial virus scanners do not detect the highly metamorphic virus variants in our test set.

Copyright information

© Springer-Verlag France 2006

Authors and Affiliations

  1. 1.Department of Computer ScienceSan José State UniversitySan JoséUSA