Frequency Based Metamorphic Malware Detection

Abstract

Malwares can create new malware samples which have different size, structure and operation mode but same functionality in each metamorphic code generation via malicious code obfuscation methods. So they can bypass traditional signature-based malware detection systems. In this study, a pattern recognition based system that detects metamorphic malware by using summary structure of Malware Analysis Intermediate Language (MAIL) has been improved. For the term frequency of MAIL language codes, feature extraction, feature selection and classification algorithm is researched in terms of accuracy and performance. The system is tested with metamorphic malware construction kits NGVCK, G2, VCL32, PSMPC and achieve % 100 accuracy with 2 of 26 MAIL feature and implement % 93 feature reduction.