Detecting Metamorphic Virus Using Hidden Markov Model and Genetic Algorithm

Cited by: 0
Authors
Dastidar, Soumyadeep G. [1]
Mandal, Subhrangsu [1]
Barbhuiya, Ferdous A. [1]
Nandi, Sukumar [1]
Affiliation
[1] Indian Inst Technol Guwahati, Dept Comp Sci & Engn, Gauhati 781039, Assam, India
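Source
PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SOFT COMPUTING FOR PROBLEM SOLVING (SOCPROS 2011), VOL 2 | 2012 / Vol. 131
Keywords
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract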
Metamorphic viruses dodge the classical signature-based detection system by modifying their internal structure without compromising the original functionality. To solve this problem, machine learning techniques such as the Hidden Markov Model (HMM) and neural networks can be used. An HMM is a state machine where each state observes the input data with an appropriate observation probability. An HMM learns statistical properties of antivirus features rather than signatures and relies on such statistics to detect viruses of the same family. Each HMM is trained with variants of same-family viruses generated by the same metamorphic engine, so that the HMM can detect similar viruses with high probability. However, for the HMM to detect viruses, three basic criteria need to be satisfied. In most HMM-based techniques, the Baum-Welch method is used to solve one of the three problems, i.e., estimating the parameters of the corresponding HMM given an output sequence. In this paper, we have used the Genetic Algorithm to solve the problem. The reason for selecting the Genetic Algorithm over the conventional Baum-Welch method lies in the non-linearity of the genetic algorithm. The Baum-Welch algorithm, being linear in nature, suffers from the local optima problem, which we have tried to overcome using our scheme.
Pages: 305-315
Number of pages: 11