Polymorphic Malware in Executable Files and the Approaches towards their Detection and Extraction

Authors

  • Baothman F Dept. of Computer Science, College of Computers and Information Technology (Taif University), Taif, Saudi Arabia
  • Mohammed MH Dept. of Information Technology, College of Computers and Information Technology, (Taif University), Taif, Saudi Arabia

DOI:

https://doi.org/10.26438/ijcse/v6i2.1217

Keywords:

Malware Detection, Static Analysis, Dynamic Analysis, Polymorphic Malware, Machine Learning

Abstract

Malware that employs polymorphic techniques such as self-mutation and emulation-based analysis evasion is subtle to detect. Most anti-malware techniques are overwhelmed by polymorphic malware threats that self-mutate into completely different variants at each attack. This work aims to contribute to the detection of malicious code, particularly polymorphic malware, by using advanced static and advanced dynamic analysis to extract more informative key features of a malware through code analysis, memory analysis and behavioural analysis. Correlation-based feature selection rules are used to refine the features, i.e. to filter and select the best and most relevant ones. A machine learning technique known as K-Nearest Neighbor (K-NN) is used for classification and detection of polymorphic malware; results are reported using the following measurement metrics: True Positive Rate (TPR), False Positive Rate (FPR) and the overall detection accuracy of the experiments.
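As an added illustration (not the paper's code or data), the pipeline the abstract describes, a correlation-based feature filter followed by K-NN classification scored by TPR, FPR and accuracy, run on constructed static and dynamic feature vectors; the feature names and values are hypothetical:

```python
import math
from collections import Counter

# Constructed feature vectors (hypothetical values, not data from the paper). Each row
# mixes static (entropy, imports, size) and dynamic (API calls, registry writes) features.
FEATURES = ["api_calls", "registry_writes", "section_entropy", "import_count", "size_kb"]
TRAIN = [([100, 10, 7.5, 5, 300], 1), ([110, 12, 7.8, 6, 280], 1), ([95, 9, 7.2, 5, 310], 1),
         ([20, 1, 5.0, 40, 300], 0), ([25, 0, 4.8, 45, 290], 0), ([18, 2, 5.2, 38, 305], 0)]
TEST = [([105, 11, 7.4, 6, 295], 1), ([98, 10, 7.6, 5, 305], 1), ([40, 4, 5.8, 30, 290], 1),
        ([22, 1, 5.0, 42, 300], 0), ([30, 3, 5.5, 35, 310], 0), ([90, 8, 7.0, 8, 320], 0)]

def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either column is constant."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy) if sxx and syy else 0.0

def select_features(data, names, min_corr=0.5):
    """Correlation filter: keep the columns whose |r| with the label reaches min_corr."""
    labels = [y for _, y in data]
    return [i for i in range(len(names))
            if abs(pearson([x[i] for x, _ in data], labels)) >= min_corr]

def scaler(data, cols):
    """Min-max scaling fitted on the training set so no feature dominates the distance."""
    lo = {c: min(x[c] for x, _ in data) for c in cols}
    hi = {c: max(x[c] for x, _ in data) for c in cols}
    return lambda x: [(x[c] - lo[c]) / (hi[c] - lo[c]) if hi[c] > lo[c] else 0.0 for c in cols]

def knn_predict(data, scale, x, k=3):
    """Majority vote among the k nearest training samples (Euclidean distance)."""
    q = scale(x)
    nearest = sorted((math.dist(q, scale(tx)), ty) for tx, ty in data)[:k]
    return Counter(y for _, y in nearest).most_common(1)[0][0]

def evaluate(train, test, names, k=3):
    """Return (selected feature names, TPR, FPR, accuracy) for the K-NN detector."""
    cols = select_features(train, names)
    scale = scaler(train, cols)
    conf = Counter((knn_predict(train, scale, x, k), y) for x, y in test)
    tp, fp, tn, fn = conf[(1, 1)], conf[(1, 0)], conf[(0, 0)], conf[(0, 1)]
    return [names[c] for c in cols], tp / (tp + fn), fp / (fp + tn), (tp + tn) / len(test)

if __name__ == "__main__":
    print(evaluate(TRAIN, TEST, FEATURES))
```

On this constructed data the filter drops the uninformative size column, and one benign-looking malicious sample and one malicious-looking benign sample produce the false negative and false positive that the TPR and FPR figures reflect.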


Published

2025-11-12

How to Cite

[1]
F. Baothman and M. H. Mohammed, “Polymorphic Malware in Executable Files and the Approaches towards their Detection and Extraction”, Int. J. Comp. Sci. Eng., vol. 6, no. 2, pp. 12–17, Nov. 2025.

Section

Research Article