Malware writers attempt to generate different shapes of a malware to evade the signature-based scanners. As the number of variants of a metamorphic malware is increased, the analysis of all variants and selecting the appropriate signature and updating the database of the antivirus becomes more tiresome and time-consuming. Furthermore, for automated generated metamorphic viruses, which utilize the virus kits to produce different instances, sometime it is not possible to analyze all of them. Therefore, use of some classification methods to speed up the analysis process is necessary. In this paper, we show that how the histogram of instructions opcodes can help us in classification of metamorphic virus family variants.
展开▼
