PROPOSING AN HMM-BASED APPROACH TO DETECT METAMORPHIC MALWARE
Main Article Content
Abstract
Previous research has shown that hidden Markov model (HMM) is a compelling option for malware identification. However, some advanced metamorphic malware have proven to be more challenging to detect with these techniques. In this paper, we separated the importance of the some part of the malware files to train the HMMs aiming at extracting the significant sequences of malware opcodes. These parts have been deemed important according to their dissimilarity to the benign files, as all parts of a malware file are not representative of the malicious nature. Extracting these parts has been performed using the methods similar to sound processing. The results demonstrate that the proposed method has the higher accuracy to the metamorphic malware detection and also has the higher speed at classification, compared to the previous methods
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
References
A. Kalbhor, T. H. Austin, E. Filiol and M. Stamp, "Dueling hidden Markov models for virus analysis," Journal in Computer Virology Hack Tech:Springer, 2018.
C. Annachhatre, T. H. Austin and M. Stamp, "Hidden Markov models for malware classification," Journal in Computer Virology Hack Tech:Springer, 2019.
Cygwin, Available: http://cygwin.com
D. Baysa, "Structural Entropy and Metamorphic Malware," M.S. dissertation, Dept. Comp. Sc., Univ. San Jose State, 2019.
J. Aycock, "Computer Viruses and Malware," Advances In Information Security:Springer, 2019.
J. Kuriakose and P. Vinod, "Ranked Linear Discriminant Analysis Features for Metamorphic Malware Detection," IEEE International Advanced Computing Conference, pp. 112-117, 2020.
K. Mathur and S. Hiranwal, "A Survey on Techniques in Detection and Analyzing Malware Executables," International Journal of Advanced Research in Computer Science and Software Engineering, pp. 422-428, 2018.