Literature survey on virus detection of HMM

 Literature survey on virus detection of HMM

Exploring the Hidden Markov Model for Virus Analysis: Semantic Approach

Abstract

The latest work has presented a Hidden Markov model (HMMS) as an attractive choice for virus identification. However, until now a few studies have been conducted to identify the meaning of these hidden countries. In this paper, we checked HMMs for four different compilers, handwritten assembly code, three virus construction kits, and metamorph viruses to record similarities and differences in hidden countries HMMS. Furthermore, we develop hmm duel strategies, which utilize our knowledge of various compilers for more precise identification. 


introduction

Wong and stamp [30] have shown that a tool based on HID-

Model den Markov (HMMS) is effective for detecting meta

Morfic computer virus. This paper explores these tools at

more profound to better understand hidden meaning

stated in this model.

In other domains, HMM countries have

Connect with several fundamental aspects of Athand's problems. For example, caves and neuwirth [5] revealed that

Hmm with two hidden countries for English (written) LAN-

Guage in accordance with vocals and consonants. This paper is

teasing to reveal details about hidden countries and blocking

mine insight what they might give about the assembly code

In general, and the virus code in particular.

The main insight is a virus construction kit and meta-

The morphic code is basically another type of compiler. We

Test building models for four different compilers, for hands

Written assembly code (benign), for three virus construction

Kit, and for two metamorphic malware families. We are iden-

TIFY points that stand out from our model, record how handwriting

assembly is different from the code compiled and how the code is benign

Different from the virus code.

We take advantage of understanding of different models

More effective detect computer viruses. Traditional

Proach uses the virus code model and a hidden markov flag

Files as infected if you exceed the given threshold [30]. As a replacement,

We test files against several HMMs and different flags

submit as a virus only if the HMM virus reports the highest

The probability of observing files given. We support this approach

hmm duel strategy, evokes the idea that difference

Ferent Hmms compete with each other. Re-

SULT shows that hmm duel strategies reach superior

produce threshold-based techniques, and often done

Tive on identifying the virus. While some hmms have

leverage in other areas such as intrusion detection [8], this

The previous approach was applied to the identification of viruses

,

This paper expands on previous conference paper [3]

to enter additional source analysis of benign code and

Additional virus families, including Mwor worms [22]

specifically designed to avoid detection techniques

used by Wong and Cap. We also show how the threshold

The approach can be combined with hmm duel strategies to reduce the performance of the hmm duel overhead

Strategy without reducing the accuracy of the results.


- We explore the semantic meaning behind hidden countries

From the Hidden Markov model.

- We demonstrate the effectiveness of HMMS in distin-

Towards between different compilers.

- We develop hmm duel strategies, new technology

Nique to use some HMMs in virus identification.

- We develop hmm tiered strategies that combine

Threshold approach with hmm duel strategy, gain-

Ing the benefits of both techniques.

1.1 polymorphic viruses, metamorph viruses, and viruses

Construction kit

Signature-based detection is the main method of identity

Computer virus fying [29]. However, virus makers have

has a lot of sense, and has developed various counters

Measurement. One of the initial approaches used by the virus writer is for

Encryption