Team for Research in Ubiquitous Secure Technology

Profile hidden Markov models and metamorphic virus detection
Mark Stamp, Srilatha Attaluri, Scott McGhee

Citation
Mark Stamp, Srilatha Attaluri, Scott McGhee. "Profile hidden Markov models and metamorphic virus detection". Journal in Computer Virology, 2008.

Abstract
Metamorphic computer viruses "mutate" by changing their internal structure and, consequently, different instances of the same virus may not exhibit a common signature. With the advent of construction kits, it is easy to generate metamorphic strains of a given virus. In contrast to standard hidden Markov models (HMMs), profile hidden Markov models (PHMMs) explicitly account for positional information. In principle, this positional information could yield stronger models for virus detection. However, there are many practical difficulties that arise when using PHMMs, as compared to standard HMMs. Profile hidden Markov models are widely used in bioinformatics. For example, PHMMs are the most effective tool yet developed for finding family-related DNA sequences. In this paper, we consider the utility of PHMMs for detecting metamorphic virus variants generated from virus construction kits. PHMMs are generated for each construction kit under consideration and the resulting models are used to score virus and non-virus files. Our results are encouraging, but several problems must be resolved for the technique to be truly practical.

Citation formats  
  • BibTeX
    @article{StampAttaluriMcGhee08_ProfileHiddenMarkovModelsMetamorphicVirusDetection,
        author = {Mark Stamp and Srilatha Attaluri and Scott McGhee},
        title = {Profile hidden Markov models and metamorphic virus
                  detection},
        journal = {Journal in Computer Virology},
        year = {2008},
        URL = {http://www.truststc.org/pubs/422.html}
    }
    

Posted by Mark Stamp on 18 Aug 2008.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.