Approach for the unknown metamorphic virus detection

Abstract

The paper presents a new technique for the detection of unknown metamorphic viruses. It is based on the analysis of potentially suspicious behavior of programs on the host. The novelty of the contribution is that the analysis is performed by comparing the functional blocks of the disassembled code before and after the program's emulation, which is executed within modified emulators installed on each host of the network. The conclusion about the similarity of the suspicious program to a metamorphic virus program is made by means of a fuzzy inference system. In order to provoke the possible presence of a metamorphic virus, other hosts of the network are involved in the detection process. It was shown experimentally that the level of metamorphic viruses' demonstration increases with the number of hosts.