Detecting Metamorphic Virus Using Hidden Markov Model and Genetic Algorithm
Metamorphic viruses evade classical signature-based detection by modifying their internal structure without changing their original functionality. To address this problem, machine learning techniques such as the Hidden Markov Model (HMM) and neural networks can be used. An HMM is a state machine in which each state emits the observed input data with an associated observation probability. Rather than signatures, an HMM learns the statistical properties of the antivirus features and relies on those statistics to detect viruses of the same family. Each HMM is trained on variants of one family that were generated by the same metamorphic engine, so that it can detect similar viruses with high probability. For an HMM to be usable for virus detection, however, there are three basic criteria that need to be satisfied. In most HMM-based techniques, the Baum-Welch method is used to solve one of these three problems, namely estimating the parameters of the corresponding HMM given an output sequence. In this paper we use a Genetic Algorithm to solve this problem instead. Our reason for choosing the Genetic Algorithm over the conventional Baum-Welch method lies in the non-linearity of the genetic algorithm: the Baum-Welch algorithm, being linear in nature, suffers from the local optima problem, which our scheme attempts to overcome.
Keywords: Genetic Algorithm, Hidden Markov Model, Observation Sequence, Virus Family, Computer Virus
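To make the parameter-estimation step concrete, here is an added example (not code from the paper) of estimating an HMM's parameters (pi, A, B) with a genetic algorithm instead of Baum-Welch, using the scaled forward algorithm as the fitness function. The observation sequence, the two-state model size, and all GA settings (population, elitism rate, mutation width) are constructed assumptions for illustration; the paper does not specify them.

```python
import math
import random

# Constructed sample: an opcode-like observation sequence (symbols 0..M-1) standing in
# for one family's opcode stream; the values are illustrative, not from a real sample.
OBS = [0, 1, 2, 0, 1, 2, 3, 0, 1, 2, 0, 1, 2, 3, 3, 0, 1, 2]
N, M = 2, 4  # hidden states, distinct observation symbols

def normalize(rows):
    return [[v / sum(r) for v in r] for r in rows]

def random_hmm(rng):
    """One GA individual: lambda = (pi, A, B), strictly positive and row-stochastic."""
    pi = normalize([[rng.random() + 1e-3 for _ in range(N)]])[0]
    A = normalize([[rng.random() + 1e-3 for _ in range(N)] for _ in range(N)])
    B = normalize([[rng.random() + 1e-3 for _ in range(M)] for _ in range(N)])
    return pi, A, B

def log_likelihood(hmm, obs):
    """Scaled forward algorithm: log P(obs | lambda), the GA fitness and detection score."""
    pi, A, B = hmm
    alpha = [pi[i] * B[i][obs[0]] for i in range(N)]
    s = sum(alpha); logp = math.log(s); alpha = [a / s for a in alpha]
    for o in obs[1:]:
        alpha = [sum(alpha[i] * A[i][j] for i in range(N)) * B[j][o] for j in range(N)]
        s = sum(alpha); logp += math.log(s); alpha = [a / s for a in alpha]
    return logp

def mutate(hmm, rng, sigma=0.3):
    """Multiplicative log-normal jitter per entry, floored so no probability hits zero."""
    jitter = lambda rows: normalize([[max(v * math.exp(rng.gauss(0, sigma)), 1e-6) for v in r] for r in rows])
    return jitter([hmm[0]])[0], jitter(hmm[1]), jitter(hmm[2])

def crossover(p, q, rng):
    pick = lambda a, b: a if rng.random() < 0.5 else b  # each stochastic row inherited whole
    return (pick(p[0], q[0]), [pick(p[1][i], q[1][i]) for i in range(N)],
            [pick(p[2][i], q[2][i]) for i in range(N)])

def train_ga(obs, pop_size=30, generations=60, seed=1):
    """GA in place of Baum-Welch; returns the fittest lambda and the best fitness per generation."""
    rng = random.Random(seed)
    pop, history = [random_hmm(rng) for _ in range(pop_size)], []
    for _ in range(generations):
        pop.sort(key=lambda h: log_likelihood(h, obs), reverse=True)
        history.append(log_likelihood(pop[0], obs))
        elite = pop[: pop_size // 5]  # elitism: top 20 % survive, so fitness never drops
        children = [mutate(crossover(*rng.sample(elite, 2), rng), rng)
                    for _ in range(pop_size - len(elite))]
        pop = elite + children
    pop.sort(key=lambda h: log_likelihood(h, obs), reverse=True)
    return pop[0], history
```

At detection time the same `log_likelihood` scores an unknown opcode sequence against the trained family model and is compared with a threshold; because the GA evaluates a whole population rather than following one gradient-like update, it is the search that the paper relies on to escape the local optima Baum-Welch can settle into.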