Abstract
In order to make lots of new malwares fast and cheaply, attacker can simply modify the existing malwares based on their binary files to produce new ones, malware variants. Malware variants refer to all the new malwares manually or automatically produced from any existing malware. However, such simple approach to produce malwares can change signatures of the original malware so that the new malware variants can confuse and bypass most of popular signature-based anti-malware tools. In this paper we propose a novel byte frequency based detecting model (BFBDM) to deal with the malware variants identification issue. The byte frequency of software refers to the frequency of the different unsigned bytes in the corresponding binary file. In order to implement BFBDM, two metrics, the distance and the similarity between the suspicious software and base sample, a known malware, are defined and calculated. According to the experimental results, we found out that if the distance is low and the similarity is high, the suspicious software is a variant of the selected malware with very high probability. The primary experimental results show that our model is efficient and effective for the identification of malware variants, especially for the manual variant.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
