SBRT: API signature behaviour based representation technique for improving metamorphic malware detection

Abstract

Malware, a piece of code that deliberately fulfills the harmful intent of an attacker, causes harm to the host computer and is considered the root cause of many Internet security problems. To evade detection by malware detectors, malware writers use various obfuscation techniques to transform their malware. Metamorphic malware is hardly detectable with regular string signatures. Several detection techniques have been used to detect metamorphic malware. In this paper, we propose a framework that leads to a novel signature- and behavior-based technique for improving detection of metamorphic malware. Using a standard dataset of known malware text samples represented in string format, we identify the various functions and parameters that they call, hence pinpointing parameters repeatedly called by the same functions. This indicates the risky zone of the malware file(s) that holds the actual piece of code which has been injected with some ineffective benign instructions. Hence, this procedure facilitates detection of unknown malware file(s), making the detection process faster and more accurate.

Cite

Mohamed, G. A. N., & Ithnin, N. B. (2018). SBRT: API signature behaviour based representation technique for improving metamorphic malware detection. In Lecture Notes on Data Engineering and Communications Technologies (Vol. 5, pp. 767–777). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-319-59427-9_79
