An entropy-based distance measure for analyzing and detecting metamorphic malware.
- Source: Applied Intelligence; Jun2018, Vol. 48 Issue 6, p1536-1546, 11p
- Publication Year: 2018
Abstract
- Metamorphic malware is a kind of malware which evades signature-based anti-viruses by changing its internal structure in each infection. This paper, firstly, introduces a new measure of distance between two computer programs called program dissimilarity measure based on entropy (PDME). Then, it suggests a measure for the degree of metamorphism, based on the suggested distance measure. The distance measure is defined based on the Entropy of the two malware programs. Moreover, the paper shows that the distance measure can be used for classifying metamorphic malware via K-Nearest Neighbors (KNN) method. The method is evaluated by four metamorphic malware families. The results demonstrate that the measure can indicate the degree of metamorphism efficiently, and the KNN classification method using PDME can classify the metamorphic malware with a high precision. [ABSTRACT FROM AUTHOR]
- Subjects: ENTROPY; MALWARE; COMPUTER software; METAMORPHISM (Geology); NETWORK PC (Computer)
Details
- Language: English
- ISSN: 0924669X
- Volume: 48
- Issue: 6
- Database: Complementary Index
- Journal: Applied Intelligence
- Publication Type: Academic Journal
- Accession number: 129629675
- Full Text: https://doi.org/10.1007/s10489-017-1045-6