Metamorphic malware detection using opcode frequency rate and decision tree


Mahmood Fazlali, Peyman Khodamoradi, Farhad Mardukhi, Masoud Nosrati, Mohammad Mahdi Dehshibi
Copyright: © 2016 | Volume: 10 | Issue: 3 | Pages: 20
ISSN: 1930-1650 | EISSN: 1930-1669 | EISBN13: 9781466689701 | DOI: 10.4018/IJISP.2016070105
Cite Article

MLA

Fazlali, Mahmood, et al. "Metamorphic malware detection using opcode frequency rate and decision tree." IJISP, vol. 10, no. 3, 2016, pp. 67-86. http://doi.org/10.4018/IJISP.2016070105

APA

Fazlali, M., Khodamoradi, P., Mardukhi, F., Nosrati, M., & Dehshibi, M. M. (2016). Metamorphic malware detection using opcode frequency rate and decision tree. International Journal of Information Security and Privacy (IJISP), 10(3), 67-86. http://doi.org/10.4018/IJISP.2016070105

Chicago

Fazlali, Mahmood, et al. "Metamorphic malware detection using opcode frequency rate and decision tree." International Journal of Information Security and Privacy (IJISP) 10, no. 3: 67-86. http://doi.org/10.4018/IJISP.2016070105


Abstract

Malware is defined as any type of malicious code that has the potential to harm a computer or a network. Modern malware is accompanied by mutation characteristics, namely polymorphism and metamorphism, which let it generate an enormous number of variants. The rising number of metamorphic malware samples makes analyzing them for signature extraction and database updates a hardship. Despite the broad use of signature-based methods in security products, they are not able to detect new, unseen morphs of malware, because the structure of the malware, and with it its signature, changes in each infection. In this paper, a novel method is proposed in which the proportion of opcodes is used for detecting new morphs. Decision trees are utilized for classification and detection of malware variants based on the rate of opcode frequencies. Three metrics for evaluating the proposed method are speed, efficiency and accuracy. It was observed in the course of the experiments that speed and time complexity are not challenging factors, because extracting the frequencies of opcodes from the source assembly file is fast. Empirical validation reveals that the proposed method outperforms all of the commercial antivirus programs, with a high level of efficiency and accuracy.
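As an added illustration of the pipeline the abstract describes (this is not the paper's code), the following computes opcode frequency rates from disassembly listings and trains a small CART-style decision tree on them. The listings are constructed toy input, and the idea that a metamorphic engine pads code with junk nop/xchg instructions is an assumption used to build that corpus.

```python
import re

OPCODE_RE = re.compile(r"^(?:[0-9a-f]+:\s+)?([a-z]+)\b")  # optional address, then the mnemonic

def opcode_rates(asm_text):  # opcode frequency rate: each mnemonic's share of all instructions
    counts = {}
    for line in asm_text.splitlines():
        line = line.split(";")[0].strip()                     # drop comments
        if not line or line.endswith(":") or line.startswith("."):
            continue                                           # skip blanks, labels, directives
        if m := OPCODE_RE.match(line):
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    total = sum(counts.values())
    return {op: n / total for op, n in counts.items()}
def gini(labels):
    return 1.0 - sum((labels.count(c) / len(labels)) ** 2 for c in set(labels))
def build_tree(samples, features, depth=0, max_depth=3):  # CART-style tree over (rates, label) pairs
    labels = [y for _, y in samples]
    majority = max(set(labels), key=labels.count)
    if gini(labels) == 0.0 or depth == max_depth:
        return majority                                        # leaf
    best = None
    for f in features:                                         # exhaustive search for the purest split
        for t in sorted({x.get(f, 0.0) for x, _ in samples}):
            left = [s for s in samples if s[0].get(f, 0.0) <= t]
            right = [s for s in samples if s[0].get(f, 0.0) > t]
            if left and right:
                score = (len(left) * gini([y for _, y in left])
                         + len(right) * gini([y for _, y in right])) / len(samples)
                if best is None or score < best[0]:
                    best = (score, f, t, left, right)
    if best is None:                                           # no feature separates these samples
        return majority
    _, f, t, left, right = best
    return {"feature": f, "threshold": t,
            "left": build_tree(left, features, depth + 1, max_depth),
            "right": build_tree(right, features, depth + 1, max_depth)}
def classify(tree, rates):
    while isinstance(tree, dict):
        tree = tree["left"] if rates.get(tree["feature"], 0.0) <= tree["threshold"] else tree["right"]
    return tree

# Constructed toy corpus; the "metamorphic" listings are padded with junk nop/xchg instructions.
BENIGN = ["push ebp\nmov ebp, esp\nmov eax, 1\ncall helper\npop ebp\nret", "mov eax, [esp+4]\nadd eax, 2\nret"]
MALWARE = ["push ebp\nnop\nxchg eax, eax\nmov ebp, esp\nnop\ncall decrypt\nxchg ebx, ebx\nnop\nret",
           "nop\nnop\nxchg ecx, ecx\nmov eax, 4\nnop\nint 0x80\nxchg edx, edx\nnop"]

def train():
    samples = [(opcode_rates(a), "benign") for a in BENIGN] + [(opcode_rates(a), "malware") for a in MALWARE]
    return build_tree(samples, sorted({op for rates, _ in samples for op in rates}))
```

On this corpus the tree splits on the diluted `mov` rate rather than on `nop` directly, which shows why rates (proportions) rather than raw counts are the useful feature: junk insertion shifts every opcode's share, not only the junk opcodes'.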
