Detecting virus mutations via dynamic matching

To defeat current commercial antivirus software, virus developers are employing obfuscation techniques to create mutating viruses. Current antivirus software cannot handle obfuscated viruses well, since its detection methods, which are based upon static signatures, are not resilient to even slight variations in the code that forms the virus. In this paper, we propose a new type of virus signature, called a dynamic signature, and an algorithm for matching dynamic signatures. Our dynamic signature is created based on the runtime behavior of a virus. Therefore, an obfuscated virus can also be detected using a dynamic signature as long as it dynamically behaves like the original virus. We also discuss issues related to deploying our virus detection approach. Our experiments based upon several known mutating viruses show that our method is effective in identifying obfuscated viruses.
Min Feng, Rajiv Gupta
Added: 24 May 2010
Updated: 24 May 2010
Type: Conference
Year: 2009
Where: ICSM
Authors: Min Feng, Rajiv Gupta