Contribution to Book
Malware Detection Using Dynamic Birthmarks
Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics (2016)
  • Swapna Vemparala, San Jose State University
  • Fabio Di Troia, Università degli Studi del Sannio
  • Visaggio Aaron Corrado, Università degli Studi del Sannio
  • Thomas H. Austin, San Jose State University
  • Mark Stamp, San Jose State University
Abstract
In this paper, we compare the effectiveness of Hidden Markov Models (HMMs) with that of Profile Hidden Markov Models (PHMMs), where both are trained on sequences of API calls. We compare our results to static analysis using HMMs trained on sequences of opcodes, and show that dynamic analysis achieves significantly stronger results in many cases. Furthermore, in comparing our two dynamic analysis approaches, we find that using PHMMs consistently outperforms our technique based on HMMs. 
Keywords
  • Malware
  • Hidden Markov Models
  • Profile Hidden Markov Models
  • Dynamic Analysis
  • Static Analysis
Publication Date
March 9, 2016
Publisher
ACM
ISBN
978-1-4503-4077-9
DOI
10.1145/2875475.2875476
Citation Information
Swapna Vemparala, Fabio Di Troia, Visaggio Aaron Corrado, Thomas H. Austin, et al. "Malware Detection Using Dynamic Birthmarks" New York, NY Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics (2016) p. 41 - 46
Available at: http://works.bepress.com/mark_stamp/61/