ANALYSIS OF PACKED METAMORPHIC MALWARE
ANKUR SINGH BIST *
Department of Computer Science and Engineering, SVU, India.
ANUJ SHARMA
Department of Computer Science and Engineering, SVU, India.
*Author to whom correspondence should be addressed.
Abstract
Malware attempts to conceal its behaviour using obfuscation techniques, and packing is one of the techniques most widely used by malware designers. In this paper, we propose a novel method for classifying packed metamorphic malware samples. First, we normalize entropy values using symbolic aggregate approximation (SAX). Second, we extract sector-wise byte patterns. Third, we fuse the features obtained from the previous two steps. LAD Tree, Naive Bayes, SVM and ANN (Artificial Neural Network) are used for classification. The results obtained show that the proposed approach provides significant accuracy. These satisfactory experimental results show the importance of the proposed method for packed metamorphic malware classification. Further, it is recommended that this approach be used to facilitate commercial antivirus engines.
Keywords: Entropy analysis, obfuscation, packing, symbolic aggregate approximation (SAX).
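The first step named in the abstract, turning a file's entropy values into a SAX word, can be sketched as follows. This is an added example, not the authors' code: the 256-byte block size, the 4-symbol alphabet, the segment count and the function names are assumptions, and the sector-wise byte patterns and feature fusion are not covered.

```python
import math
from collections import Counter

# Breakpoints that cut N(0,1) into 4 equiprobable regions (standard SAX table).
BREAKPOINTS = (-0.6745, 0.0, 0.6745)
ALPHABET = "abcd"  # assumed alphabet size; the abstract does not state one


def block_entropy(data: bytes, block_size: int = 256) -> list:
    """Shannon entropy in bits per byte (0..8) of each full block."""
    values = []
    for start in range(0, len(data) - block_size + 1, block_size):
        counts = Counter(data[start:start + block_size])
        values.append(-sum(c / block_size * math.log2(c / block_size)
                           for c in counts.values()))
    return values


def sax(series, segments: int) -> str:
    """z-normalise, average into `segments` PAA frames, map frames to symbols."""
    n = len(series)
    if not 0 < segments <= n:
        raise ValueError("segments must be between 1 and len(series)")
    mean = sum(series) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in series) / n)
    # A flat profile has no shape to encode; treat it as all-zero so it
    # maps to a middle symbol instead of dividing by zero.
    z = [0.0] * n if std < 1e-9 else [(x - mean) / std for x in series]
    word = []
    for s in range(segments):
        lo, hi = s * n // segments, (s + 1) * n // segments
        frame_mean = sum(z[lo:hi]) / (hi - lo)
        word.append(ALPHABET[sum(frame_mean > b for b in BREAKPOINTS)])
    return "".join(word)


# Constructed sample, not a real binary: four low-entropy blocks (16 distinct
# byte values each) followed by four blocks in which every byte value occurs
# once, standing in for a packed or compressed region.
SAMPLE = bytes(range(16)) * 16 * 4 + bytes(range(256)) * 4

if __name__ == "__main__":
    profile = block_entropy(SAMPLE)
    print(profile)          # per-block entropy profile
    print(sax(profile, 4))  # SAX word for the profile
```

Because the series is z-normalised before discretisation, the SAX word encodes the shape of the entropy profile rather than its absolute level, so files of different overall entropy can still yield comparable words.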