Title: Circumventing Principal Component Analysis-Based Malware Detection

Abstract:
Metamorphic malware uses different but functionally equivalent code between replicates to avoid simple signatures and the classic dynamic defences for polymorphic code. Recently, several works have applied machine learning to the metamorphic malware detection problem. This presentation outlines three contributions to this area. First, it shows that some previous works relied on somewhat unrealistic test sets when evaluating their results. Second, it shows that the application of K-nearest neighbour (KNN) classification can improve the results obtained from previous principal component analysis (PCA) based distinguishers. Finally, it gives a simple obfuscator which can fool a previous PCA distinguisher and the improved PCA-KNN distinguisher.
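The following is an added example, not code from the presentation, showing why a KNN rule over PCA-projected opcode histograms can outperform a PCA-only distinguisher. It assumes a nearest-class-centroid rule in PCA space as a stand-in for the earlier PCA method (the actual scoring rule of the prior work is not given here), and all opcode profiles and samples are constructed: benign code is drawn from two dissimilar sub-populations, so its class centroid lands in empty space closer to the malware family than to one of its own sub-populations. PCA is implemented with power iteration so the script runs on a plain Python install.

```python
"""Added example (not the presentation's code): PCA-only versus PCA-KNN
distinguishers on constructed opcode-frequency histograms."""
import math
import random

# Constructed opcode vocabulary; each sample is a frequency histogram over it.
OPCODES = ["mov", "push", "pop", "call", "jmp", "xor", "add", "ret"]

# Constructed base profiles: two benign sub-populations and one malware family.
# The family lies closer to BENIGN_A than BENIGN_A lies to the benign centroid.
BENIGN_A = [0.40, 0.20, 0.20, 0.05, 0.05, 0.02, 0.04, 0.04]
BENIGN_B = [0.10, 0.10, 0.10, 0.25, 0.20, 0.05, 0.05, 0.15]
MALWARE = [0.30, 0.18, 0.18, 0.10, 0.08, 0.06, 0.05, 0.05]


def make_sample(rng, profile, noise=0.01):
    """Perturb a base profile with Gaussian noise and renormalise to sum to 1."""
    v = [max(0.0, p + rng.gauss(0.0, noise)) for p in profile]
    s = sum(v)
    return [x / s for x in v]


def mean_vector(rows):
    n = len(rows)
    return [sum(r[i] for r in rows) / n for i in range(len(rows[0]))]


def covariance(rows, mu):
    d = len(mu)
    cov = [[0.0] * d for _ in range(d)]
    for r in rows:
        c = [r[i] - mu[i] for i in range(d)]
        for i in range(d):
            for j in range(d):
                cov[i][j] += c[i] * c[j]
    return [[x / (len(rows) - 1) for x in row] for row in cov]


def top_eigenvectors(cov, k, iters=500):
    """Top-k unit eigenvectors by power iteration with deflation. The start
    vector is random: the all-ones vector lies in the null space of a
    histogram covariance (rows sum to 1), so it must not be the start."""
    d = len(cov)
    a = [row[:] for row in cov]
    rng = random.Random(0)
    comps = []
    for _ in range(k):
        v = [rng.random() + 0.5 for _ in range(d)]
        for _ in range(iters):
            w = [sum(a[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w))
            if norm == 0.0:
                break
            v = [x / norm for x in w]
        lam = sum(v[i] * sum(a[i][j] * v[j] for j in range(d)) for i in range(d))
        comps.append(v)
        for i in range(d):  # deflate so the next pass finds the next component
            for j in range(d):
                a[i][j] -= lam * v[i] * v[j]
    return comps


def project(x, mu, comps):
    c = [x[i] - mu[i] for i in range(len(mu))]
    return [sum(c[i] * v[i] for i in range(len(c))) for v in comps]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def centroid_classify(z, centroids):
    """Stand-in for a PCA-only distinguisher: nearest class centroid in PCA space
    (an assumption about the prior method, not its exact scoring rule)."""
    return min(centroids, key=lambda label: dist(z, centroids[label]))


def knn_classify(z, train, k=3):
    """PCA-KNN: majority label among the k nearest training points in PCA space."""
    nearest = sorted(train, key=lambda t: dist(z, t[0]))[:k]
    votes = {}
    for _, label in nearest:
        votes[label] = votes.get(label, 0) + 1
    return max(votes, key=votes.get)


def build_dataset(seed=7, per_profile=8):
    """Constructed split: 8 samples per profile for training, one test per class."""
    rng = random.Random(seed)
    train = []
    for _ in range(per_profile):
        train.append((make_sample(rng, BENIGN_A), "benign"))
        train.append((make_sample(rng, BENIGN_B), "benign"))
        train.append((make_sample(rng, MALWARE), "malware"))
    tests = [(make_sample(rng, BENIGN_A), "benign"),
             (make_sample(rng, MALWARE), "malware")]
    return train, tests


def run_experiment(n_components=2, k=3):
    """Fit PCA on the training histograms, then classify the test set both ways.
    Returns {"truth": [...], "centroid": [...], "knn": [...]}."""
    train, tests = build_dataset()
    rows = [x for x, _ in train]
    mu = mean_vector(rows)
    comps = top_eigenvectors(covariance(rows, mu), n_components)
    train_z = [(project(x, mu, comps), label) for x, label in train]
    centroids = {label: mean_vector([z for z, l in train_z if l == label])
                 for label in ("benign", "malware")}
    result = {"truth": [], "centroid": [], "knn": []}
    for x, label in tests:
        z = project(x, mu, comps)
        result["truth"].append(label)
        result["centroid"].append(centroid_classify(z, centroids))
        result["knn"].append(knn_classify(z, train_z, k))
    return result


if __name__ == "__main__":
    r = run_experiment()
    for i, truth in enumerate(r["truth"]):
        print(f"sample {i}: truth={truth} centroid={r['centroid'][i]} knn={r['knn'][i]}")
```

Running the script shows the centroid rule labelling the benign test histogram as malware while KNN labels both test samples correctly; the point is that a single centroid (or a single subspace fit) summarises a multi-modal benign class badly, whereas KNN only needs the test point's local neighbourhood to be homogeneous. The same property cuts the other way for the obfuscator question the abstract raises: a sample that is moved far enough from its family in PCA space also loses its nearest neighbours.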