Detecting Obfuscated Viruses Using Cosine Similarity Analysis

A
AMS
2007
First Asia International Conference on Modelling & Simulation (AMS'07)
Abstract - Detecting Obfuscated Viruses Using Cosine Similarity Analysis

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Abhishek Karnik Articles by Suchandra Goswami Articles by Ratan Guha

First Asia International Conference on Modelling & Simulation (AMS'07)

Prince of Songkla University, Phuket, Thailand

March 27-March 30

ISBN: 0-7695-2845-7

	ASCII Text	x
	Abhishek Karnik, Suchandra Goswami, Ratan Guha, "Detecting Obfuscated Viruses Using Cosine Similarity Analysis," Asia International Conference on Modelling & Simulation, pp. 165-170, First Asia International Conference on Modelling & Simulation (AMS'07), 2007.

	BibTex	x
	@article{ 10.1109/AMS.2007.31, author = {Abhishek Karnik and Suchandra Goswami and Ratan Guha}, title = {Detecting Obfuscated Viruses Using Cosine Similarity Analysis}, journal ={Asia International Conference on Modelling & Simulation}, volume = {0}, year = {2007}, isbn = {0-7695-2845-7}, pages = {165-170}, doi = {http://doi.ieeecomputersociety.org/10.1109/AMS.2007.31}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Asia International Conference on Modelling & Simulation TI - Detecting Obfuscated Viruses Using Cosine Similarity Analysis SN - 0-7695-2845-7 SP165 EP170 A1 - Abhishek Karnik, A1 - Suchandra Goswami, A1 - Ratan Guha, PY - 2007 KW - null VL - 0 JA - Asia International Conference on Modelling & Simulation ER -

Abhishek Karnik, The University of Central Florida, USA

Suchandra Goswami, The University of Central Florida, USA

Ratan Guha, The University of Central Florida, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AMS.2007.31

Virus writers are getting smarter by the day. They are coming up with new, innovative ways to evade signature detection by anti-virus software. One such evasion technique used by polymorphic and metamorphic viruses is their ability to morph code so that signature based detection techniques fail. These viruses change form such that every new infected file has different strings, rendering string based signature detection practically useless against such viruses. Our work is based on the premise that given a variant of morphed code, we can detect any obfuscated version of this code with high probability using some simple statistical techniques. We use the cosine similarity function to compare two files based on static analysis of the portable executable (PE) format. Our results show that for certain evasion techniques, it is possible to identify polymorphic/metamorphic versions of files based on cosine similarity.

Citation:

Abhishek Karnik, Suchandra Goswami, Ratan Guha, "Detecting Obfuscated Viruses Using Cosine Similarity Analysis," ams, pp.165-170, First Asia International Conference on Modelling & Simulation (AMS'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.