Malware Obfuscation Measuring Via Evolutionary Similarity

Jian Li, Jun Xu, Ming Xu, HengLi Zhao, Ning Zheng
DOI: https://doi.org/10.1109/icfin.2009.5339567
2009-01-01
Abstract: With the prevalence of malware, it is necessary to measure malware obfuscation. We traced system calls as the dynamic behavior of malware and used evolutionary similarity to measure obfuscation. We propose an algorithm that calculates the similarity using sequence alignment, a way of arranging sequences to identify similar regions. We used real-world malware to test the resilience of our method. Our experiment shows that the method has strong resilience against common obfuscation techniques.