Now a group of researchers in New Zealand have come up with a biology-inspired method for detecting the 'genetic' characteristics of malware, so that new variants can be recognised even before a signature for them has been built.
Ajit Narayanan and Yi Chen of the School of Computing & Mathematical Sciences, Auckland University of Technology, Auckland, New Zealand reasoned that data mining techniques might be used to improve antivirus defences, by being able to understand whether a particular program was likely to be benign or potentially malware.
“One of the problems in applying automatic data mining techniques to malware code directly, even if it is available, is the variable length of the code, since most data mining and other machine learning techniques assume fixed length sequences with a column representing measurements of the same variable across many samples,” they explain in their research paper.
To get round this problem, the researchers developed a technique to turn malware hexadecimal signatures into amino acid representations. They then used established protein modelling systems to analyse the malware.
They tested the system with the signatures of 60 computer viruses and 60 worms. This showed that the system can be used to create genetic fingerprints for the malware, with far greater accuracy than is currently possible.
The researchers think it may ultimately allow them to build an algorithm that can analyse a program and work out whether it contains malware. The research was submitted to the arXiv repository.
18 Feb 2013