
Static CFG Analyzer for Metamorphic Malware Code


Abstract

Malware detection and prevention methods are becoming increasingly important, particularly for all computer systems connected to the Internet. The term 'malware' is used collectively for viruses, worms, Trojans, etc. The malicious activities of malware include stealing, modifying, or leaking data to an external server, or consuming system resources and thereby degrading system performance. To avoid detection, malicious code generates multiple variants as it propagates. In the past, researchers have addressed malware detection using the Control Flow Graph (CFG). These detection methods were based on comparing the shape of the CFG of the original sample with those of its variants. The proposed approach compares instructions at the basic-block level of the original malware with those of the variants using the longest common subsequence (LCS). Some viruses and benign programs have been used in the test set. Preliminary results are promising for proving the effectiveness of our proposed methodology.
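
A minimal sketch of the block-level LCS comparison the abstract describes, added here as an illustration and not taken from the paper. The mnemonic-only block representation, the length-weighted score, the 0.8 threshold and the sample blocks are all assumptions constructed for the example.

```python
from typing import List, Sequence

Block = List[str]  # one basic block as an ordered list of instruction mnemonics

THRESHOLD = 0.8  # assumed decision threshold, not a value from the paper

# Constructed sample data: basic blocks reduced to mnemonics (operands dropped).
ORIGINAL = [
    ["push", "mov", "xor", "mov", "call", "test", "jz"],
    ["mov", "add", "cmp", "jne"],
    ["pop", "ret"],
]
# Same logic after typical metamorphic rewrites: blocks reordered,
# junk "nop" inserted, and one instruction substituted (xor -> sub).
VARIANT = [
    ["pop", "nop", "ret"],
    ["push", "nop", "mov", "sub", "mov", "nop", "call", "test", "jz"],
    ["mov", "nop", "add", "cmp", "jne"],
]
BENIGN = [
    ["push", "lea", "call", "add", "ret"],
    ["cmp", "jg"],
    ["mov", "imul", "sub", "jmp"],
]


def lcs_len(a: Sequence[str], b: Sequence[str]) -> int:
    """Length of the longest common subsequence (row-by-row dynamic programming)."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def program_similarity(original: List[Block], candidate: List[Block]) -> float:
    """Fraction of original instructions that survive, in order, in the best-matching candidate block."""
    total = sum(len(b) for b in original)
    if total == 0 or not candidate:
        return 0.0
    kept = sum(max(lcs_len(b, c) for c in candidate) for b in original)
    return kept / total


def is_variant(original: List[Block], candidate: List[Block]) -> bool:
    return program_similarity(original, candidate) >= THRESHOLD
```

Because the score is normalised by the original block's length, inserted junk instructions do not lower it; only instructions that were removed or substituted do.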