Towards Metamorphic Virus Recognition Using Eigenviruses
Moustafa Saleh

TL;DR
This paper introduces a novel metamorphic virus detection method using Eigenviruses, an unsupervised machine learning approach inspired by face recognition techniques, and evaluates its effectiveness against existing antivirus solutions.
Contribution
The paper presents a new Eigenviruses-based detection technique for metamorphic viruses, combining machine learning with virus code analysis, which is a novel application in this domain.
Findings
The Eigenviruses approach shows promising detection accuracy.
Experimental results outperform some commercial antivirus engines.
The method offers potential for future enhancements in virus detection.
Abstract
Metamorphic viruses are considered the most dangerous of all computer viruses. Unlike other computer viruses that can be detected statically using static signature techniques or dynamically using emulators, metamorphic viruses change their code to avoid such detection techniques. This makes metamorphic viruses a real challenge for computer security researchers. In this thesis, we investigate the techniques used by metamorphic viruses to alter their code, such as trivial code insertion, instruction substitution, subroutine permutation and register renaming. An in-depth survey of the current techniques used for detection of this kind of virus is presented. We discuss techniques that are used by commercial antivirus products, and those introduced in scientific research. Moreover, a novel approach is then introduced for metamorphic virus recognition based on unsupervised machine…
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting
