TITLE:
Exploring the Effects of Gap-Penalties in Sequence-Alignment Approach to Polymorphic Virus Detection
AUTHORS:
Vijay Naidu, Jacqueline Whalley, Ajit Narayanan
KEYWORDS:
Polymorphic Malware Variants, Gap Penalties, Syntactic Approach, Pairwise Sequence Alignment, Multiple Sequence Alignment, Automatic Signature Generation, Smith-Waterman Algorithm, JS.Cassandra Virus, W32.CTX/W32.Cholera Virus, W32.Kitti Virus
JOURNAL NAME:
Journal of Information Security, Vol.8 No.4, October 19, 2017
ABSTRACT:
Antiviral software systems (AVSs) have problems in identifying polymorphic variants of viruses without explicit signatures for such variants. Alignment-based techniques from bioinformatics may provide a novel way to generate signatures from consensuses found in polymorphic variant code. We demonstrate how multiple sequence alignment supplemented with gap penalties leads to viral code signatures that generalize successfully to previously known polymorphic variants of the JS.Cassandra virus and previously unknown polymorphic variants of the W32.CTX/W32.Cholera and W32.Kitti viruses. The implications are that future smart AVSs may be able to generate effective signatures automatically from actual viral code by varying gap penalties to cover both known and unknown polymorphic variants.