Behavior-based Malware Analysis using Profile Hidden Markov Models

Saradha Ravi; N. Balakrishnan; Bharath Venkatesh

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Behavior-based Malware Analysis using Profile Hidden Markov Models

Topics: Intrusion Detection & Prevention; Management of Computing Security; Security Engineering; Software Security

In Proceedings of the 10th International Conference on Security and Cryptography - Volume 0ICETE, 195-206, 2013 , Reykjavík, Iceland

Authors: Saradha Ravi ; N. Balakrishnan and Bharath Venkatesh

Affiliation: Indian Institute of Science, India

Keyword(s): Behavior-based Malware Analysis, Profile Hidden Markov Model, Multiple Sequence Alignment, Malware Classification, Metamorphic Viruses, Clustering.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Information Assurance ; Intrusion Detection & Prevention ; Management of Computing Security ; Security Engineering ; Security in Information Systems ; Software Security

Abstract: In the area of malware analysis, static binary analysis techniques are becoming increasingly difficult with the code obfuscation methods and code packing employed when writing the malware. The behavior-based analysis techniques are being used in large malware analysis systems because of this reason. In these dynamic analysis systems, the malware samples are executed and monitored in a controlled environment using tools such as CWSandbox(Willems et al., 2007). In previous works, a number of clustering and classification techniques from machine learning and data mining have been used to classify the malwares into families and to identify even new malware families, from the behavior reports. In our work, we propose to use the Profile Hidden Markov Model to classify the malware files into families or groups based on their behavior on the host system. PHMM has been used extensively in the area of bioinformatics to search for similar protein and DNA sequences in a large database. We see th at using this particular model will help us overcome the hurdle posed by polymorphism that is common in malware today. We show that the classification accuracy is high and comparable with the state-of-art-methods, even when using very few training samples for building models. The experiments were on a dataset with 24 families initially, and later using a larger dataset with close to 400 different families of malware. A fast clustering method to group malware with similar behaviour following the scoring on the PHMMprofile database was used for the large dataset. We have presented the challenges in the evaluation methods and metrics of clustering on large number of malware files and show the effectiveness of using profile hidden model models for known malware families. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 3.16.47.89

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Ravi, S.; Balakrishnan, N. and Venkatesh, B. (2013). Behavior-based Malware Analysis using Profile Hidden Markov Models. In Proceedings of the 10th International Conference on Security and Cryptography (ICETE 2013) - SECRYPT; ISBN 978-989-8565-73-0; ISSN 2184-3236, SciTePress, pages 195-206. DOI: 10.5220/0004528201950206

@conference{secrypt13,
author={Saradha Ravi. and N. Balakrishnan. and Bharath Venkatesh.},
title={Behavior-based Malware Analysis using Profile Hidden Markov Models},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography (ICETE 2013) - SECRYPT},
year={2013},
pages={195-206},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004528201950206},
isbn={978-989-8565-73-0},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Security and Cryptography (ICETE 2013) - SECRYPT
TI - Behavior-based Malware Analysis using Profile Hidden Markov Models
SN - 978-989-8565-73-0
IS - 2184-3236
AU - Ravi, S.
AU - Balakrishnan, N.
AU - Venkatesh, B.
PY - 2013
SP - 195
EP - 206
DO - 10.5220/0004528201950206
PB - SciTePress