San Jose Credit Union
Practical detection of metamorphic malware is a difficult challenge. A detection technique using a hidden Markov model trained on opcode sequences was studied in. While this approach was highly successful at detecting hacker-produced metamorphic malware, in it was shown that the detector can be defeated by a properly designed metamorphic generator. In this paper, the authors consider a method for computing the similarity of executable les, based on opcode graphs. They apply this technique to the challenging problem of metamorphic malware detection and compare the results to previous work based on hidden Markov models. In addition, they analyze the effect of various morphing techniques on the success of their proposed opcode graph-based detection scheme.