Malware Detection Using Dynamic Birthmarks
This work addresses malware detection for cybersecurity, but it is incremental as it applies existing methods (HMMs/PHMMs) to a known problem with comparative improvements.
The paper tackled malware detection by comparing dynamic analysis using HMMs and PHMMs on API call sequences to static analysis on opcode sequences, finding that dynamic analysis significantly outperforms static analysis and PHMMs consistently beat HMMs.
In this paper, we explore the effectiveness of dynamic analysis techniques for identifying malware, using Hidden Markov Models (HMMs) and Profile Hidden Markov Models (PHMMs), both trained on sequences of API calls. We contrast our results to static analysis using HMMs trained on sequences of opcodes, and show that dynamic analysis achieves significantly stronger results in many cases. Furthermore, in contrasting our two dynamic analysis techniques, we find that using PHMMs consistently outperforms our analysis based on HMMs.