Literature survey on virus detection of HMM
Exploring the Hidden Markov Model for Virus Analysis: Semantic Approach
Abstract
The latest work has presented a Hidden Markov model (HMMS) as an attractive choice for virus identification. However, until now a few studies have been conducted to identify the meaning of these hidden countries. In this paper, we checked HMMs for four different compilers, handwritten assembly code, three virus construction kits, and metamorph viruses to record similarities and differences in hidden countries HMMS. Furthermore, we develop hmm duel strategies, which utilize our knowledge of various compilers for more precise identification.
introduction
Wong and stamp [30] have shown that a tool based on HID-
Model den Markov (HMMS) is effective for detecting meta
Morfic computer virus. This paper explores these tools at
more profound to better understand hidden meaning
stated in this model.
In other domains, HMM countries have
Connect with several fundamental aspects of Athand's problems. For example, caves and neuwirth [5] revealed that
Hmm with two hidden countries for English (written) LAN-
Guage in accordance with vocals and consonants. This paper is
teasing to reveal details about hidden countries and blocking
mine insight what they might give about the assembly code
In general, and the virus code in particular.
The main insight is a virus construction kit and meta-
The morphic code is basically another type of compiler. We
Test building models for four different compilers, for hands
Written assembly code (benign), for three virus construction
Kit, and for two metamorphic malware families. We are iden-
TIFY points that stand out from our model, record how handwriting
assembly is different from the code compiled and how the code is benign
Different from the virus code.
We take advantage of understanding of different models
More effective detect computer viruses. Traditional
Proach uses the virus code model and a hidden markov flag
Files as infected if you exceed the given threshold [30]. As a replacement,
We test files against several HMMs and different flags
submit as a virus only if the HMM virus reports the highest
The probability of observing files given. We support this approach
hmm duel strategy, evokes the idea that difference
Ferent Hmms compete with each other. Re-
SULT shows that hmm duel strategies reach superior
produce threshold-based techniques, and often done
Tive on identifying the virus. While some hmms have
leverage in other areas such as intrusion detection [8], this
The previous approach was applied to the identification of viruses
,
This paper expands on previous conference paper [3]
to enter additional source analysis of benign code and
Additional virus families, including Mwor worms [22]
specifically designed to avoid detection techniques
used by Wong and Cap. We also show how the threshold
The approach can be combined with hmm duel strategies to reduce the performance of the hmm duel overhead
Strategy without reducing the accuracy of the results.
- We explore the semantic meaning behind hidden countries
From the Hidden Markov model.
- We demonstrate the effectiveness of HMMS in distin-
Towards between different compilers.
- We develop hmm duel strategies, new technology
Nique to use some HMMs in virus identification.
- We develop hmm tiered strategies that combine
Threshold approach with hmm duel strategy, gain-
Ing the benefits of both techniques.
1.1 polymorphic viruses, metamorph viruses, and viruses
Construction kit
Signature-based detection is the main method of identity
Computer virus fying [29]. However, virus makers have
has a lot of sense, and has developed various counters
Measurement. One of the initial approaches used by the virus writer is for
Encryption
