Metamorphic Viruses Detection by Hidden Markov Models
Paper ID : 1673-IST
Saeid Rezaei *, Fereidoon Rezaei, Masoud Khalil Nezhad, Ali Payandeh
Because metamorphic viruses change their shape, no fixed signature can be extracted from them for later detection. Virus writers apply obfuscation methods so that antivirus software cannot easily detect their viruses, and the result is metamorphic viruses. We used a hidden Markov model to propose a method that we named the detection circle. The method uses three elements: the occurrence probability of a string, the occurrence probability of a character at a specific location, and the degree of similarity of a virus to a family of viruses. It detected 94 percent of viruses of this kind, whereas other antivirus programs detected less than 50% of the viruses. We recommend more research and investment in multi-factor hidden Markov model methods for virus detection.