Universiti Teknologi Malaysia Institutional Repository

An enhanced performance model for metamorphic computer virus classification and detection

Basharirad, Babak (2013) An enhanced performance model for metamorphic computer virus classification and detection. PhD thesis, Universiti Teknologi Malaysia, Faculty of Computing.

Abstract

A metamorphic computer virus employs various code mutation techniques to change its code into new generations. These generations have similar behavior and functionality, yet they cannot be detected by most commercial antivirus products because those solutions depend on a signature database and use string signature-based detection methods. Metamorphism techniques can thus evade the antivirus detection engine. The purpose of this study is to develop a performance model based on computer virus classification and detection. The model would also be able to examine portable executable files in order to classify and detect metamorphic computer viruses. A Hidden Markov Model implemented on portable executable files was employed to classify and detect the metamorphic viruses. The proposed model, which produces common virus statistical patterns, was evaluated by comparing its results with previous related works and famous commercial antivirus products. This was done by investigating the metamorphic computer viruses and their features, and the existing classification and detection methods. Specifically, the model was applied to the binary format of portable executable files, and it was able to classify whether the files belonged to a virus family. In addition, the performance of the model, practically implemented and tested, was evaluated based on detection rate and overall accuracy. The findings indicated that the proposed model is able to classify and detect metamorphic virus variants in portable executable file format with a high average detection rate of 99.7%. The implementation of the model is proven useful and applicable for antivirus programs.

Item Type: Thesis (PhD)
Additional Information: Thesis (Ph.D (Sains Komputer)) - Universiti Teknologi Malaysia, 2013; Supervisors: Assoc. Prof. Dr. Maslin Masrom, Assoc. Prof. Dr. Suhaimi Ibrahim
Uncontrolled Keywords: computer security, computer viruses
Subjects: Q Science > QA Mathematics
Divisions: Computing
ID Code: 38026
Deposited By: Narimah Nawil
Deposited On: 12 Apr 2018 05:41
Last Modified: 12 Apr 2018 05:41
