Abstract
Metamorphic viruses dodge classical signature-based detection systems by modifying their internal structure without compromising the original functionality. To solve this problem, machine learning techniques such as the Hidden Markov Model (HMM) and neural networks can be used. An HMM is a state machine in which each state observes the input data with an appropriate observation probability. An HMM learns statistical properties of antivirus features rather than signatures and relies on these statistics to detect viruses of the same family. Each HMM is trained with variants of same-family viruses generated by the same metamorphic engine, so that the HMM can detect similar viruses with high probability. However, for the HMM to detect viruses, three basic criteria need to be satisfied. In most HMM-based techniques, the Baum-Welch method is used to solve one of the three problems, i.e., estimating the parameters of the corresponding HMM given an output sequence. In this paper, we use a Genetic Algorithm to solve this problem. The Genetic Algorithm is chosen over the conventional Baum-Welch method because of its non-linearity. The Baum-Welch algorithm, being linear in nature, suffers from the local optima problem, which we have tried to overcome using our scheme.
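The following is an added illustration of the approach the abstract describes, not the paper's implementation: a genetic algorithm searches for HMM parameters, using the scaled forward algorithm's log-likelihood as fitness, and the trained model then scores unseen opcode sequences. The opcode sequences, the population settings, and the row-wise crossover and mutation operators are assumptions made for this example.

```python
import math, random

# Constructed opcode sequences (0=mov 1=push 2=call 3=jmp); not data from the paper.
FAMILY = [[0,1,2,0,1,2,0,1,2,0,1,2], [0,1,2,0,1,2,3,0,1,2,0,1]]  # training variants
VARIANT = [0,1,2,0,1,2,0,1,2,3,0,1]   # unseen sample, same family
BENIGN  = [3,3,0,3,2,2,1,3,0,0,3,1]   # unrelated program

def normalize(row):
    total = sum(row)
    return [x / total for x in row]

def random_hmm(rng, n, m):
    # An HMM is a list of probability rows: [pi] + n rows of A + n rows of B.
    return [normalize([rng.random() + 1e-3 for _ in range(k)]) for k in [n] * (n + 1) + [m] * n]

def log_likelihood(hmm, obs):
    """Scaled forward algorithm: log P(obs | hmm)."""
    n = len(hmm[0])
    pi, A, B = hmm[0], hmm[1:n + 1], hmm[n + 1:]
    alpha, ll = [pi[i] * B[i][obs[0]] for i in range(n)], 0.0
    for t in range(len(obs)):
        if t:  # propagate through transitions, then emit obs[t]
            alpha = [sum(alpha[i] * A[i][j] for i in range(n)) * B[j][obs[t]] for j in range(n)]
        scale = sum(alpha)
        alpha, ll = [a / scale for a in alpha], ll + math.log(scale)
    return ll

def score(hmm, seqs):
    """Average log-likelihood per opcode: GA fitness and detection score."""
    return sum(log_likelihood(hmm, s) for s in seqs) / sum(len(s) for s in seqs)

def crossover(rng, a, b):
    # Inherit whole rows so each row stays a valid probability distribution.
    return [list(x if rng.random() < 0.5 else y) for x, y in zip(a, b)]

def mutate(rng, hmm, rate=0.3, sigma=0.5):
    # Log-normal jitter on some rows, floored and renormalized.
    return [normalize([max(x * math.exp(rng.gauss(0, sigma)), 1e-6) for x in row])
            if rng.random() < rate else row for row in hmm]

def train(seqs, n=3, m=4, pop=30, gens=60, seed=1):
    rng = random.Random(seed)
    population = [random_hmm(rng, n, m) for _ in range(pop)]
    for _ in range(gens):
        population.sort(key=lambda h: score(h, seqs), reverse=True)
        elite = population[:pop // 3]  # elitism: the best third survives unchanged
        children = [mutate(rng, crossover(rng, *rng.sample(elite, 2))) for _ in range(pop - len(elite))]
        population = elite + children
    return max(population, key=lambda h: score(h, seqs))
```

A detector built this way compares `score(model, [sample])` against a threshold chosen from known family and benign samples; here the unseen variant scores higher than the unrelated sequence.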
Copyright information
© 2012 Springer India Pvt. Ltd.
About this paper
Cite this paper
Dastidar, S.G., Mandal, S., Barbhuiya, F.A., Nandi, S. (2012). Detecting Metamorphic Virus Using Hidden Markov Model and Genetic Algorithm. In: Deep, K., Nagar, A., Pant, M., Bansal, J. (eds) Proceedings of the International Conference on Soft Computing for Problem Solving (SocProS 2011) December 20-22, 2011. Advances in Intelligent and Soft Computing, vol 131. Springer, New Delhi. https://doi.org/10.1007/978-81-322-0491-6_30
DOI: https://doi.org/10.1007/978-81-322-0491-6_30
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-0490-9
Online ISBN: 978-81-322-0491-6
eBook Packages: Engineering, Engineering (R0)