Identifying metamorphic virus using n-grams and Hidden Markov Model

Computer virus is a rapidly evolving threat to the computing community. These viruses fall into different categories and it is generally believed that metamorphic viruses are extremely difficult to detect. The first step to effectively combat a virus is to successfully classify it´s family so that past experience can be readily applied to understand it´s functionality and apply the right strategy to mitigate it. In this paper we propose and test a Hidden Markov Model (HMM) based classifier that can be used to identify the family to which a virus understudy belongs to. The proposed solution is to train multiple HMM´s, each representing a family of virus and then determine the family of the virus to be identified based on the log-likelihood similarity score obtained. Malware samples from the malicia data set were used to evaluate the proposed technique.