Abstract | ||
---|---|---|
Recent work has presented hidden Markov models (HMMs) as a compelling option for malware identification. However, some advanced metamorphic malware like MetaPHOR and MWOR have proven to be more challenging to detect with these techniques. In this paper, we develop the dueling HMM Strategy, which leverages our knowledge about different compilers for more precise identification. We also show how this approach may be combined with previous techniques to minimize the performance overhead. Additionally, we examine the HMMs in order to identify the meaning of these hidden states. We examine HMMs for four different compilers, hand-written assembly code, three virus construction kits, and two metamorphic malware families in order to note similarities and differences in the hidden states of the HMMs. |
Year | DOI | Venue |
---|---|---|
2015 | 10.1007/s11416-014-0232-9 | J. Computer Virology and Hacking Techniques |
Field | DocType | Volume |
Computer science,Assembly language,Compiler,Artificial intelligence,Metamorphic malware,Hidden Markov model,Malware,Machine learning,Metaphor,Dead code | Journal | 11 |
Issue | ISSN | Citations |
2 | 2274-2042 | 4 |
PageRank | References | Authors |
0.42 | 15 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ashwin Kalbhor | 1 | 4 | 0.42 |
Thomas H. Austin | 2 | 307 | 15.96 |
Eric Filiol | 3 | 461 | 47.32 |
Sébastien Josse | 4 | 57 | 7.13 |
Mark Stamp | 5 | 513 | 33.32 |