Wing Wong, Mark Stamp
Journal In Computer Virology vol. 2, no 3
ISSN 1772-9904
December 2006
Download PDF (989.46Kb) (You need to be registered on forum)In this paper, we analyze several metamorphic virus generators. We define a similarity index and use it to precisely quantify the degree of metamorphism that each generator produces. Then we present a detector based on hidden Markov models and we consider a simpler detection method based on our similarity index. Both of these techniques detect all of the metamorphic viruses in our test set with extremely high accuracy. In addition, we show that popular commercial virus scanners do not detect the highly metamorphic virus variants in our test set.