Technology for Detecting Polymorphic Computer Viruses
DOI: 10.31673/2409-7292.2023.010007
https://doi.org/10.31673/2409-7292.2023.010007

Abstract
Traditional viruses were computer programs with a static structure and very limited functionality. Once such a virus was detected for the first time, the antivirus program (AVP) could use its structure as a tool to detect similar viruses with matching patterns. Modern viruses, however, can reconfigure themselves and even change the structure of their functionality, which makes them difficult for antivirus software to detect. A polymorphic virus is a complex computer virus that affects data types and functions, making it difficult to inspect its internal structure. The article reviews the general methods these viruses use to achieve polymorphism, the current state of polymorphic virus detection, and the antivirus software used to detect such viruses. The results of this study can serve as a source of knowledge for researchers and antivirus software companies.
Keywords: polymorphic virus, malicious software, antivirus.
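As an added illustration (not part of the article), the following Python sketch shows why a fixed byte signature misses a variant whose body has been re-encoded under a different key, while emulating the decoder stub recovers a stable body that the same signature still matches. The sample layout, the `STUB` marker, the signature and all byte values are constructed for this example and do not describe any real virus.

```python
"""Constructed illustration: static signature scan vs. decoder emulation.

Hypothetical sample layout, chosen only for this example:
  b"STUB" | key (1 byte) | length (1 byte) | body XOR-encoded with key
"""
from typing import Optional

# Signature taken from the plaintext body of the first known sample (constructed).
SIGNATURE = b"PAYLOAD"

# Two constructed variants of one family: same body, different per-copy key.
SAMPLE_A = b"STUB" + bytes([0x5A, 7]) + bytes([0x0A, 0x1B, 0x03, 0x16, 0x15, 0x1B, 0x1E])
SAMPLE_B = b"STUB" + bytes([0x3C, 7]) + bytes([0x6C, 0x7D, 0x65, 0x70, 0x73, 0x7D, 0x78])
BENIGN = b"hello, this file contains no encoded body"


def static_scan(data: bytes) -> bool:
    """Classic AVP approach: look for the fixed signature in the raw bytes."""
    return SIGNATURE in data


def emulate_decoder(data: bytes) -> Optional[bytes]:
    """Reproduce what the decoder stub would do at run time and return the
    body it would leave in memory, or None if the stub layout is absent."""
    if not data.startswith(b"STUB") or len(data) < 6:
        return None
    key, length = data[4], data[5]
    body = data[6:6 + length]
    if len(body) != length:
        return None  # truncated sample, nothing reliable to decode
    return bytes(b ^ key for b in body)


def emulation_scan(data: bytes) -> bool:
    """Match the signature against the decoded body, so variants that differ
    only in their encoding key are all detected by one signature."""
    decoded = emulate_decoder(data)
    return decoded is not None and SIGNATURE in decoded


def classify(data: bytes) -> dict:
    """Report both verdicts side by side for one sample."""
    return {"static": static_scan(data), "emulated": emulation_scan(data)}


if __name__ == "__main__":
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B), ("benign", BENIGN)):
        print(name, classify(sample))
```

Running the script prints a static miss for both variants and an emulated hit for both, with the benign input clean under either method.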