Abstract
The paper formalizes existing code mutation techniques widely used in viruses (polymorphism and metamorphism) by means of formal grammars and automatons. A new model of metamorphic viruses and a new classification of this type of virus are suggested. The statement about undetectable viruses of this type is proved. The paper shows an iterative approach to constructing complex formal grammars from the simplest initial rules for building a metamorphic generator. Some samples of applied usage of the formal grammar model are also given. An experiment in system call tracing of some viruses and worms is described. The possibility of using system call sequences for virus detection is shown.
Cite this article
Zbitskiy, P.V. Code mutation techniques by means of formal grammars and automatons. J Comput Virol 5, 199–207 (2009). https://doi.org/10.1007/s11416-009-0121-9