Contribution to Book
Exploring Hidden Markov Models for Virus Analysis: A Semantic Approach
2013 46th Hawaii International Conference on System Sciences (2013)
  • Thomas H. Austin, University of California, Santa Cruz
  • Eric Filiol, École supérieure d'informatique, électronique, automatique (ESIEA)
  • Sébastien Josse, École supérieure d'informatique, électronique, automatique (ESIEA)
  • Mark Stamp, San Jose State University
Abstract
Recent work has presented hidden Markov models (HMMs) as a compelling option for virus identification. However, to date little research has been done to identify the meaning of these hidden states. In this paper, we examine HMMs for four different compilers, hand-written assembly code, three virus construction kits, and a metamorphic virus in order to note similarities and differences in the hidden states of the HMMs. Furthermore, we develop the dueling HMM Strategy, which leverages our knowledge about different compilers for more precise identification. We hope that this approach will allow for the development of better virus detection tools based on HMMs.
Keywords
  • virus construction kits
  • malware
  • hidden Markov model
  • metamorphic malware
Publication Date
March 18, 2013
Publisher
IEEE
ISBN
978-1-4673-5933-7
DOI
10.1109/HICSS.2013.217
Citation Information
Thomas H. Austin, Eric Filiol, Sébastien Josse and Mark Stamp. "Exploring Hidden Markov Models for Virus Analysis: A Semantic Approach" 2013 46th Hawaii International Conference on System Sciences (2013) p. 5039 - 5048
Available at: http://works.bepress.com/mark_stamp/69/