Exploring Hidden Markov Models for Virus Analysis: A Semantic Approach

Cited by: 35
Authors
Austin, Thomas H. [1]
Filiol, Eric [1]
Josse, Sebastien [1]
Stamp, Mark [1]
Affiliation
[1] Univ Calif Santa Cruz, Santa Cruz, CA 95064 USA
Source
PROCEEDINGS OF THE 46TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES | 2013
DOI
10.1109/HICSS.2013.217
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Recent work has presented hidden Markov models (HMMs) as a compelling option for virus identification. However, to date little research has been done to identify the meaning of these hidden states. In this paper, we examine HMMs for four different compilers, hand-written assembly code, three virus construction kits, and a metamorphic virus in order to note similarities and differences in the hidden states of the HMMs. Furthermore, we develop the dueling HMM Strategy, which leverages our knowledge about different compilers for more precise identification. We hope that this approach will allow for the development of better virus detection tools based on HMMs.
Pages: 5039 / 5048
Number of pages: 10