International Journal of Computer Applications (0975-8887)
Volume 122 No.10, July 2015

Detecting and Classifying Morphed Malwares: A Survey

Sanjam Singla, Department of Computer Science, PEC University of Technology, Chandigarh, India
Divya Bansal, Department of Computer Science, PEC University of Technology, Chandigarh, India
Ekta Gandotra, Department of Computer Science, PEC University of Technology, Chandigarh, India
Sanjeev Sofat, Department of Computer Science, PEC University of Technology, Chandigarh, India

ABSTRACT

Most antivirus companies face immense difficulty in detecting morphed malwares, because these conceal themselves from detection. Malwares use various techniques to camouflage themselves so as to increase their lifetime. These obscuring methods cannot completely impede analysis, but they prolong the process of analysis and detection. This paper presents a review of malware detection systems and the progress made in detecting advanced malwares, which will serve as a reference for researchers interested in working on advanced malware detection systems.

Keywords

Malware Evolution, Polymorphic, Oligomorphic, Metamorphic, Obfuscation, Decryptor and Encryptor

1. INTRODUCTION

Malware is an infuriating and hostile software program designed to secretly use the system without the user's knowledge. Malware authors often prefer to develop specific code once, since morphed variants of an existing malware [1] are easy to develop and avoid the need to develop a new malware from scratch.

Figure 1. Traditional vs Advanced Malwares [2]

Figure 1 highlights the major differences between traditional and advanced malwares. It is clear from the figure that new advanced malwares are more perilous and more difficult to detect than old traditional malwares, as they conceal their presence [2]. According to the McAfee 2014 Q3 threat report [3], there was a growth of 76% in the appearance of malwares over the past year.
The increasing trend in the growth and complexity of malwares makes the job of antivirus companies much more difficult when detecting these morphed malwares. Different generators are used to produce them, and the malware mutates after every execution, i.e. it creates a new malware with the same functionality but a different body structure. Figure 2 displays the evolution period of camouflage techniques in malware; their size depicts the challenges in detecting these malwares.

Figure 2. Evolution of Stealth Malwares

This paper presents a brief survey of the mechanisms of advanced malwares, such as polymorphic and metamorphic malwares, together with their obfuscation and advanced detection techniques. The paper is organized as follows: Section 2 describes the evolution of camouflage malwares, followed by their mechanisms. Section 3 explains the different concealment techniques used by malwares to camouflage themselves from detection. Section 4 covers various detection techniques and surveys the work done in detecting advanced malwares. Section 5 presents the discussion along with the gaps identified in the survey. Finally, the conclusion is presented in Section 6.

2. CAMOUFLAGE EVOLUTION

Malwares are malevolent software that are extremely perilous and a topmost security menace to computer systems, and the advancement of malware code that conceals its appearance is a serious challenge for antivirus companies. This section briefly describes advanced morphed malwares and their mechanisms.

A. Encrypted Malwares

The first encrypted virus that came into existence in 1987 was Cascade [5]. The main goal of the malware authors was to