A Study on Instruction Substitution Analysis of Metamorphic Malware | SpringerLink
Skip to main content
Springer Nature Link
Log in

A Study on Instruction Substitution Analysis of Metamorphic Malware

  • Conference paper
  • First Online:
Proceedings of the International Conference on IT Convergence and Security 2011

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 120))

Abstract

Recent malware authors generate lots of malware variants using malware toolkits. Also, the malware has been generated using various techniques for avoiding detection by anti-virus software. In particular, metamorphic malware avoids such detection in anti-virus software by modifying codes automatically including a metamorphic engine as such malware is propagated. In this paper, an analysis of instruction substitution for metamorphic malware is performed and an instruction substitution rule is presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 22879
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 28599
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
JPY 28599
Price includes VAT (Japan)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Zhang Q, Reeves DS (2007) MetaAware: identifying metamorphic malware. In: Proceedings of the 23rd annual computer security applications conference, pp 411–420

    Google Scholar 

  2. Szor P (2005) The art of computer virus research and defense. Addison Wesley Professional, Boston

    Google Scholar 

  3. Jin R, Wei Q, Yang P, Wang Q (2007) Normalization towards instruction substitution metamorphism based on standard instruction set. In: Proceedings of the IEEE symposium on 2007 international conference on computational intelligence and security workshops, pp 795–798

    Google Scholar 

  4. VX Heavens, Available at http://vx.netlux.org/

  5. Han KS, Im EG (2011) An analysis on instruction substitution for metamorphic malware. In: Proceedings of the 2011 summer conference of Korea information and communications society

    Google Scholar 

Download references

Acknowledgement

This work was supported by the Mid-career Researcher Program of the NRF grant funded by the MEST (NRF 2010-1179-000).

Author information

Authors and Affiliations

  1. Department of Electronics Computer Engineering, Hanyang University, 17, Haengdang-dong, Seongdong-gu, Seoul, 133-791, South Korea

    Kyoung-Soo Han

  2. School of Computer Information Engineering, Sangji University, 83 Sangjidae-gil, Wonju-si, Gangwon-do, 220-702, Korea

    Kyoung-Yong Chung

  3. Division of Computer Science and Engineering, Hanyang University, 17, Haengdang-dong, Seongdong-gu, Seoul, 133-791, South Korea

    Eul Gyu Im

Authors
  1. Kyoung-Soo Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kyoung-Yong Chung
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Eul Gyu Im
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eul Gyu Im .

Editor information

Editors and Affiliations

  1. , Convergence Security, Kyoung-gi University, Iui-dong San 94-6, Suwon, Gyeonggi-do, 443-760, Korea, Republic of (South Korea)

    Kuinam J. Kim

  2. , Computer Science, Sungkyunkwan University, Cheonchoen-dong, Jangan-gu 300, Suwon, Gyeonggi-do, 110-745, Korea, Republic of (South Korea)

    Seong Jin Ahn

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer Science+Business Media B.V.

About this paper

Cite this paper

Han, KS., Chung, KY., Im, E.G. (2012). A Study on Instruction Substitution Analysis of Metamorphic Malware. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_57

Download citation

  • DOI: https://doi.org/10.1007/978-94-007-2911-7_57

  • Published:

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-2910-0

  • Online ISBN: 978-94-007-2911-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation