Article
Dueling hidden Markov Models for virus analysis
Journal of Computer Virology and Hacking Techniques (2014)
  • Ashwin Kalbhor, San Jose State University
  • Thomas H. Austin, San Jose State University
  • Eric Filiol
  • Sébastien Josse
  • Mark Stamp, San Jose State University
Abstract
Recent work has presented hidden Markov models (HMMs) as a compelling option for malware identification. However, some advanced metamorphic malware, such as MetaPHOR and MWOR, have proven more challenging to detect with these techniques. In this paper, we develop the dueling HMM strategy, which leverages our knowledge about different compilers for more precise identification. We also show how this approach may be combined with previous techniques to minimize the performance overhead. Additionally, we examine the HMMs themselves in order to identify the meaning of their hidden states. We examine HMMs for four different compilers, hand-written assembly code, three virus construction kits, and two metamorphic malware families in order to note similarities and differences in the hidden states of the HMMs.
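The scoring step behind the dueling strategy, as an added illustration written for this page (not the authors' code): every candidate HMM is scored against the same opcode sequence with the scaled forward algorithm, scores are normalized per opcode so samples of different length are comparable, and the best-scoring model labels the sample. Inspecting each state's dominant emissions is one crude way to read off what a hidden state "means". The opcode alphabet and the two-state model parameters below are hand-constructed for the example rather than trained from opcode traces; the constants and sample sequences are assumptions, not data from the paper.

```python
"""Dueling-HMM scoring over opcode sequences (illustrative example, not the paper's code)."""
import math
from typing import Dict, List, Tuple

# Constructed observation alphabet (assumption): a handful of x86 mnemonics.
OPCODES = ["mov", "push", "pop", "call", "ret", "xor", "jmp", "nop"]
IDX = {op: i for i, op in enumerate(OPCODES)}


class HMM:
    """Discrete HMM lambda = (pi, A, B) emitting symbols from OPCODES."""

    def __init__(self, name: str, pi: List[float], A: List[List[float]], B: List[List[float]]):
        self.name, self.pi, self.A, self.B = name, pi, A, B

    def log_likelihood(self, seq: List[str]) -> float:
        """Scaled forward algorithm: log P(O | lambda), computed without underflow."""
        n = len(self.pi)
        obs = [IDX[o] for o in seq]
        alpha = [self.pi[i] * self.B[i][obs[0]] for i in range(n)]
        logp = 0.0
        for t in range(len(obs)):
            if t > 0:
                alpha = [sum(alpha[i] * self.A[i][j] for i in range(n)) * self.B[j][obs[t]]
                         for j in range(n)]
            c = sum(alpha)
            if c == 0.0:
                return float("-inf")  # the model can never produce this sequence
            alpha = [a / c for a in alpha]  # rescale so alpha sums to 1 at every step
            logp += math.log(c)             # log P(O) is the sum of the log scale factors
        return logp

    def state_profile(self, state: int, k: int = 3) -> List[str]:
        """Top-k opcodes emitted by one hidden state: a rough reading of what the state encodes."""
        row = self.B[state]
        return sorted(OPCODES, key=lambda op: row[IDX[op]], reverse=True)[:k]


# Constructed toy models (assumption). State 0 of the "compiler" model leans on
# prologue/epilogue opcodes, state 1 on straight-line body code. The "metamorphic"
# model's state 0 is dominated by junk/garbage insertion (nop, xor, jmp).
#                 mov   push  pop   call  ret   xor   jmp   nop
COMPILER = HMM("compiler",
               pi=[0.5, 0.5],
               A=[[0.7, 0.3], [0.3, 0.7]],
               B=[[0.10, 0.30, 0.30, 0.10, 0.15, 0.02, 0.02, 0.01],
                  [0.50, 0.04, 0.04, 0.20, 0.01, 0.10, 0.10, 0.01]])
METAMORPHIC = HMM("metamorphic",
                  pi=[0.5, 0.5],
                  A=[[0.6, 0.4], [0.4, 0.6]],
                  B=[[0.04, 0.02, 0.02, 0.01, 0.01, 0.30, 0.20, 0.40],
                     [0.30, 0.05, 0.05, 0.05, 0.05, 0.20, 0.20, 0.10]])
MODELS = [COMPILER, METAMORPHIC]

# Constructed sample opcode sequences (assumption), not extracted from real binaries.
COMPILED_SAMPLE = ["push", "mov", "mov", "call", "mov", "pop", "ret"]
METAMORPHIC_SAMPLE = ["nop", "xor", "jmp", "nop", "mov", "xor", "nop", "jmp"]


def duel(models: List[HMM], seq: List[str]) -> Tuple[str, Dict[str, float]]:
    """Score seq under every model; the highest per-opcode log-likelihood wins."""
    scores = {m.name: m.log_likelihood(seq) / len(seq) for m in models}
    best = max(scores, key=scores.get)
    return best, scores


if __name__ == "__main__":
    for label, sample in (("compiled", COMPILED_SAMPLE), ("morphed", METAMORPHIC_SAMPLE)):
        best, scores = duel(MODELS, sample)
        print(f"{label:9s} -> {best:12s} " +
              " ".join(f"{k}={v:.3f}" for k, v in scores.items()))
    for m in MODELS:
        for s in range(len(m.pi)):
            print(f"{m.name} state {s}: {m.state_profile(s)}")
```

The per-opcode normalization matters: raw log-likelihoods fall with sequence length, so comparing two samples' raw scores against a fixed threshold, as a single-model detector does, conflates "long" with "unlikely". Dueling sidesteps that by asking only which model explains a given sample best, which is why the strategy is less sensitive to the threshold choice than one-HMM scoring.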
Keywords
  • Markov models,
  • hidden virus,
  • computer virology,
  • hacking
Publication Date
2014
Citation Information
Ashwin Kalbhor, Thomas H. Austin, Eric Filiol, Sébastien Josse, et al. "Dueling hidden Markov Models for virus analysis." Journal of Computer Virology and Hacking Techniques (2014).
Available at: http://works.bepress.com/thomas_austin/6/