"Compression-based analysis of metamorphic malware" by Jared Lee

Selected Works of Thomas H. Austin

Follow Contact

Article

Compression-based analysis of metamorphic malware

International Journal of Security and Networks (2015)

Jared Lee, San Jose State University
Thomas H. Austin, San Jose State University
Mark Stamp, San Jose State University

Link Find in your library

Abstract

Recent work has shown that a technique based on structural entropy measurement provides an effective means of detecting metamorphic malware. This previous work relies on file segmentation using transform techniques. In other previous work, a method based on estimating Kolmogorov complexity using compression ratios has shown promise for malware detection. In this paper, we attempt to improve on these previous techniques by combining the main features of each. Specifically, we use compression ratios and transform techniques for file segmentation. The resulting file segment information is then used to compute scores between pairs of executable files. We test our proposed technique on challenging families of metamorphic malware and we compare our results to relevant previous work.

Keywords

compression ratios,
transform techniques,
file segmentation,
metamorphic malware,
structural entropy,
malware detection,
network security

Disciplines

Publication Date

2015

DOI

10.1504/IJSN.2015.070426

Citation Information

Jared Lee, Thomas H. Austin and Mark Stamp. "Compression-based analysis of metamorphic malware" International Journal of Security and Networks Vol. 10 Iss. 2 (2015) p. 124 - 136 ISSN: 1747-8405
Available at: http://works.bepress.com/thomas_austin/33/