
A Syntactic Approach for Detecting Viral Polymorphic Malware Variants

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9650)

Abstract

Polymorphic malware is currently difficult to identify: it mutates into functionally equivalent variants of itself, and modern detection techniques are not adequate against such rapidly mutating code. Signature-based detection, the age-old approach, remains the one with the highest real-time detection rate and is used by almost all antivirus products, yet its signatures have so far been extracted by manual evaluation. Even the most advanced detection processes, which employ heuristics, require progressive evaluation and modification by humans to keep up with new malware variants. The research reported here investigates efficient and effective string-matching techniques for the automatic identification of some or all new polymorphic malware. We demonstrate how our proposed syntactic approach, based on the well-known Smith-Waterman string-matching algorithm, can successfully detect the known polymorphic variants of the JS.Cassandra virus. Our string-matching approach may revolutionize our understanding of polymorphic variant generation and may lead to a new phase of syntactic-based anti-viral software.
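To make the abstract's method concrete, the following Python is added here as an illustration; it is not the authors' code or the alignment library they used. It implements Smith-Waterman local alignment over characters and turns the alignment score into a similarity test between a reference sample and a candidate file. The scoring parameters, the 0.6 threshold, and the three JavaScript fragments (a reference decryptor loop, a variant with renamed variables and inserted junk statements, and a benign script) are constructed assumptions for the demonstration, not the real JS.Cassandra samples.

```python
"""Smith-Waterman local alignment as a polymorphic-variant similarity test.

Constructed example: not the paper's implementation, and the sample
strings below are made-up JavaScript fragments, not JS.Cassandra.
"""

MATCH = 2        # assumed score for two identical characters
MISMATCH = -1    # assumed penalty for differing characters
GAP = -2         # assumed linear penalty per inserted or deleted character
THRESHOLD = 0.6  # assumed cut-off; tune on labelled samples in practice


def smith_waterman(a: str, b: str):
    """Return (best_score, aligned_a, aligned_b) for the best local alignment.

    H[i][j] is the best score of an alignment ending at a[i-1], b[j-1].
    Scores are clamped at zero, so unrelated prefixes (junk code inserted
    by a polymorphic engine) do not drag down the score of the shared core.
    """
    n, m = len(a), len(b)
    H = [[0] * (m + 1) for _ in range(n + 1)]
    best, best_pos = 0, (0, 0)
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            diag = H[i - 1][j - 1] + (MATCH if a[i - 1] == b[j - 1] else MISMATCH)
            up = H[i - 1][j] + GAP      # character of a deleted in b
            left = H[i][j - 1] + GAP    # character inserted into b
            H[i][j] = max(0, diag, up, left)
            if H[i][j] > best:
                best, best_pos = H[i][j], (i, j)
    # Trace back from the best cell until a zero cell ends the local region.
    i, j = best_pos
    out_a, out_b = [], []
    while i > 0 and j > 0 and H[i][j] > 0:
        score = H[i][j]
        if score == H[i - 1][j - 1] + (MATCH if a[i - 1] == b[j - 1] else MISMATCH):
            out_a.append(a[i - 1]); out_b.append(b[j - 1]); i -= 1; j -= 1
        elif score == H[i - 1][j] + GAP:
            out_a.append(a[i - 1]); out_b.append("-"); i -= 1
        else:
            out_a.append("-"); out_b.append(b[j - 1]); j -= 1
    return best, "".join(reversed(out_a)), "".join(reversed(out_b))


def similarity(reference: str, candidate: str) -> float:
    """Alignment score normalised by the best achievable score (every
    character of the shorter input matching), so 1.0 means the shorter
    string occurs verbatim inside the longer one."""
    score, _, _ = smith_waterman(reference, candidate)
    return score / (MATCH * min(len(reference), len(candidate)))


def flags_as_variant(reference: str, candidate: str,
                     threshold: float = THRESHOLD) -> bool:
    """Decision rule: candidate is reported as a variant of reference
    when its normalised local-alignment score reaches the threshold."""
    return similarity(reference, candidate) >= threshold


# Constructed samples (not real malware). REFERENCE is a toy XOR decryptor
# loop; VARIANT renames i->j and k->q and inserts junk statements; BENIGN
# is an unrelated script.
REFERENCE = ("var k=7;for(i=0;i<s.length;i++){"
             "d+=String.fromCharCode(s.charCodeAt(i)^k);}eval(d);")
VARIANT = ("var zz=0;var q=7;var tmp=1;for(j=0;j<s.length;j++){tmp++;"
           "d+=String.fromCharCode(s.charCodeAt(j)^q);}eval(d);")
BENIGN = "function add(a,b){return a+b;}document.write(add(2,3));"

if __name__ == "__main__":
    for name, sample in (("variant", VARIANT), ("benign", BENIGN)):
        score, al_ref, al_cand = smith_waterman(REFERENCE, sample)
        print(f"{name}: score={score} similarity={similarity(REFERENCE, sample):.2f} "
              f"flagged={flags_as_variant(REFERENCE, sample)}")
        print("  ref :", al_ref)
        print("  cand:", al_cand)
```

The point the alignment output makes is that a variant with renamed identifiers and inserted junk still aligns almost end to end against the reference, while an unrelated script produces only short chance matches. The dynamic-programming table is O(n·m) in time and memory, so aligning a short extracted signature against each candidate is far cheaper than aligning whole files against each other, and the mismatch and gap costs decide how much renaming and junk insertion the test tolerates.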




Corresponding author

Correspondence to Vijay Naidu.


Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Naidu, V., Narayanan, A. (2016). A Syntactic Approach for Detecting Viral Polymorphic Malware Variants. In: Chau, M., Wang, G., Chen, H. (eds) Intelligence and Security Informatics. PAISI 2016. Lecture Notes in Computer Science, vol 9650. Springer, Cham. https://doi.org/10.1007/978-3-319-31863-9_11

  • DOI: https://doi.org/10.1007/978-3-319-31863-9_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31862-2

  • Online ISBN: 978-3-319-31863-9
