Malware writers generally use stealth techniques to evade antivirus detection. However, malware that relies on encryption and polymorphic techniques now has difficulty evading detection based on known signatures and code emulation, whereas the metamorphic technique shows stronger resistance to detection. In this paper, we give a thorough analysis of the metamorphic technique, with a detailed introduction to metamorphic engines and the code obfuscation techniques they use, as well as contemporary detection techniques against metamorphic malware. In addition, we briefly analyse the application of the metamorphic technique in the field of software protection.