A method for detecting machine-generated malware

2011 
A method is proposed that applies techniques from the discipline of forensic linguistics to the problem of detecting machine-generated malicious programs, such as metamorphic malware, by attempting to attribute a suspect program to a known malware-generator. This method considerably reduces the burden of having to store one signature for every known malware instance. The proposed method was tested on a number of toolkit-generated malware instances (NGVCK and VCL) and metamorphic instances (Evol and Simile), and achieved a detection accuracy of up to 92% for the toolkits and engines that were experimented with.