
Metamorphic malware detection using opcode frequency rate and decision tree

Mahmood Fazlali, Peyman Khodamoradi, Farhad Mardukhi, Masoud Nosrati and Mohammad Mahdi Dehshibi
Additional contact information
Mahmood Fazlali: Department of Computer Science, Cyberspace Research Institute, Shahid Beheshti University, GC, Tehran, Iran
Peyman Khodamoradi: Department of Computer Engineering, Kermanshah Branch, Islamic Azad University, Kermanshah, Iran
Farhad Mardukhi: Department of Computer Engineering, Razi University, Kermanshah, Iran
Masoud Nosrati: Department of Computer Engineering, Kermanshah Branch, Islamic Azad University, Kermanshah, Iran
Mohammad Mahdi Dehshibi: Pattern Research Center, Tehran, Iran

International Journal of Information Security and Privacy (IJISP), 2016, vol. 10, issue 3, 67-86

Abstract: Malware is defined as any type of malicious code that has the potential to harm a computer or a network. Modern malware exhibits mutation characteristics, namely polymorphism and metamorphism, which let it generate an enormous number of variants. The rising number of metamorphic malware programs makes it hard to analyze them for signature extraction and database updates. Despite the broad use of signature-based methods in security products, they are not able to detect new, unseen morphs of malware, because the structure of the malware, and with it the signature, changes in each infection. In this paper, a novel method is proposed in which the proportion of opcodes is used for detecting the new morphs. Decision trees are utilized for classification and detection of malware variants based on the rate of opcode frequencies. Three metrics for evaluating the proposed method are speed, efficiency and accuracy. It was observed in the course of experiments that speed and time complexity will not be challenging factors, because of the fast nature of extracting the frequencies of opcodes from the source assembly file. Empirical validation reveals that the proposed method outperforms all the commercial antivirus programs with a high level of efficiency and accuracy.

Date: 2016

Downloads: (external link)
http://services.igi-global.com/resolvedoi/resolve. ... 018/IJISP.2016070105 (application/pdf)


Persistent link: https://EconPapers.repec.org/RePEc:igg:jisp00:v:10:y:2016:i:3:p:67-86


International Journal of Information Security and Privacy (IJISP) is currently edited by Yassine Maleh


 
Page updated 2025-03-19
Handle: RePEc:igg:jisp00:v:10:y:2016:i:3:p:67-86