DocumentCode
1590165
Title
Exploring Hidden Markov Models for Virus Analysis: A Semantic Approach
Author
Austin, Thomas H. ; Filiol, Eric ; Josse, Sebastien ; Stamp, Mark
fYear
2013
Firstpage
5039
Lastpage
5048
Abstract
Recent work has presented hidden Markov models (HMMs) as a compelling option for virus identification. However, to date little research has been done to identify the meaning of these hidden states. In this paper, we examine HMMs for four different compilers, hand-written assembly code, three virus construction kits, and a metamorphic virus in order to note similarities and differences in the hidden states of the HMMs. Furthermore, we develop the dueling HMM Strategy, which leverages our knowledge about different compilers for more precise identification. We hope that this approach will allow for the development of better virus detection tools based on HMMs.
Keywords
Assembly; Computational modeling; Hidden Markov models; Malware; Semantics; Viruses (medical); hidden Markov model; malware; metamorphic malware; virus construction kits;
fLanguage
English
Publisher
ieee
Conference_Titel
System Sciences (HICSS), 2013 46th Hawaii International Conference on
Conference_Location
Wailea, HI, USA
ISSN
1530-1605
Print_ISBN
978-1-4673-5933-7
Electronic_ISBN
1530-1605
Type
conf
DOI
10.1109/HICSS.2013.217
Filename
6480454