Proposing an HMM-based approach to detect metamorphic malware

Previous research has shown that hidden Markov models (HMMs) are a compelling option for malware identification. However, some advanced metamorphic malware has proven more challenging to detect with these techniques. In this paper, we distinguish the importance of different parts of malware files when training the HMMs, with the aim of extracting the significant sequences of malware opcodes. Not every part of a malware file is representative of its malicious nature, so parts are deemed important according to their dissimilarity to benign files. These parts are extracted using methods similar to those used in sound processing. The results show that the proposed method achieves higher accuracy at detecting metamorphic malware and classifies faster than previous methods.
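The following is an added illustration of the two ingredients the abstract relies on, not code from the paper: scoring an opcode sequence with a discrete HMM (forward algorithm, log-likelihood per opcode) and selecting the parts of a file that are most dissimilar to benign code before using them as training material. The paper's own segmentation borrows from sound processing and is not described here; the example substitutes a plain sliding-window dissimilarity score, which is an assumption for illustration only. The opcode vocabulary, the two-state models and their hand-set parameters, and the sample file are all constructed for the example (in practice the parameters would come from Baum-Welch training on real opcode traces).

```python
import math
from typing import List, Sequence, Tuple

# Constructed opcode vocabulary for the example (not the paper's feature set).
VOCAB = ["mov", "push", "pop", "call", "ret", "xor", "jmp", "nop"]
IDX = {op: i for i, op in enumerate(VOCAB)}


def _log(p: float) -> float:
    return math.log(p) if p > 0 else -math.inf


def _logsumexp(xs: Sequence[float]) -> float:
    """Numerically stable log(sum(exp(x) for x in xs))."""
    m = max(xs)
    if m == -math.inf:
        return -math.inf
    return m + math.log(sum(math.exp(x - m) for x in xs))


class DiscreteHMM:
    """HMM with N hidden states over VOCAB: pi (N), A (N x N), B (N x len(VOCAB))."""

    def __init__(self, pi: Sequence[float], A: Sequence[Sequence[float]],
                 B: Sequence[Sequence[float]]) -> None:
        self.n = len(pi)
        self.log_pi = [_log(p) for p in pi]
        self.log_A = [[_log(p) for p in row] for row in A]
        self.log_B = [[_log(p) for p in row] for row in B]

    def log_likelihood(self, opcodes: Sequence[str]) -> float:
        """Forward algorithm in log space: log P(opcodes | model)."""
        obs = [IDX[o] for o in opcodes]
        alpha = [self.log_pi[i] + self.log_B[i][obs[0]] for i in range(self.n)]
        for o in obs[1:]:
            alpha = [
                _logsumexp([alpha[j] + self.log_A[j][i] for j in range(self.n)])
                + self.log_B[i][o]
                for i in range(self.n)
            ]
        return _logsumexp(alpha)

    def likelihood(self, opcodes: Sequence[str]) -> float:
        return math.exp(self.log_likelihood(opcodes))

    def llpo(self, opcodes: Sequence[str]) -> float:
        """Log-likelihood per opcode: the length-normalised score used to classify a file."""
        return self.log_likelihood(opcodes) / len(opcodes)


# Hand-set parameters (an assumption for the example). State 0 of both models emits
# ordinary code; state 1 of the malware model emits junk/obfuscation opcodes.
ORDINARY = [0.40, 0.20, 0.20, 0.10, 0.05, 0.02, 0.02, 0.01]
BENIGN_HMM = DiscreteHMM(
    pi=[0.5, 0.5], A=[[0.8, 0.2], [0.2, 0.8]],
    B=[ORDINARY, [0.30, 0.10, 0.10, 0.25, 0.20, 0.02, 0.02, 0.01]])
MALWARE_HMM = DiscreteHMM(
    pi=[0.5, 0.5], A=[[0.8, 0.2], [0.2, 0.8]],
    B=[ORDINARY, [0.10, 0.05, 0.05, 0.05, 0.05, 0.30, 0.20, 0.20]])


def dissimilarity(window: Sequence[str], mal: DiscreteHMM, ben: DiscreteHMM) -> float:
    """How much better the malware model explains the window than the benign model.

    Positive means the window looks unlike benign code, i.e. it is a candidate
    'significant' sequence to keep for training."""
    return mal.llpo(window) - ben.llpo(window)


def select_significant_windows(opcodes: Sequence[str], mal: DiscreteHMM, ben: DiscreteHMM,
                               window: int, step: int, threshold: float
                               ) -> List[Tuple[int, float]]:
    """Slide a window over the opcode trace and keep (offset, score) for windows whose
    dissimilarity to benign code exceeds the threshold."""
    kept = []
    for off in range(0, len(opcodes) - window + 1, step):
        d = dissimilarity(opcodes[off:off + window], mal, ben)
        if d > threshold:
            kept.append((off, d))
    return kept


# Constructed sample trace: eight ordinary opcodes followed by eight junk opcodes.
SAMPLE_FILE = ["mov", "push", "call", "ret", "mov", "pop", "push", "pop",
               "xor", "jmp", "nop", "xor", "nop", "jmp", "xor", "nop"]

if __name__ == "__main__":
    for off, d in select_significant_windows(SAMPLE_FILE, MALWARE_HMM, BENIGN_HMM,
                                             window=4, step=4, threshold=0.0):
        print(f"offset {off:2d}: {' '.join(SAMPLE_FILE[off:off + 4]):20s} d={d:+.3f}")
    print("LLPO under malware model, whole file:", round(MALWARE_HMM.llpo(SAMPLE_FILE), 3))
```

Only the two windows covering the junk region are kept, so an HMM retrained on the kept windows sees the opcode patterns that actually separate the sample from benign code rather than the shared prologue/epilogue boilerplate. The threshold is a tuning knob: too low and ordinary code leaks back into the training set, too high and short obfuscated stretches are missed.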
