Publication Date
1-1-2021
Document Type
Conference Proceeding
Publication Title
ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy
DOI
10.5220/0010409907530762
First Page
753
Last Page
762
Abstract
Discrete hidden Markov models (HMM) are often applied to malware detection and classification problems. However, the continuous analog of discrete HMMs, that is, Gaussian mixture model-HMMs (GMM-HMM), are rarely considered in the field of cybersecurity. In this paper, we use GMM-HMMs for malware classification and we compare our results to those obtained using discrete HMMs. As features, we consider opcode sequences and entropy-based sequences. For our opcode features, GMM-HMMs produce results that are comparable to those obtained using discrete HMMs, whereas for our entropy-based features, GMM-HMMs generally improve significantly on the classification results that we have achieved with discrete HMMs.
Keywords
Gaussian Mixture Model, GMM-HMM, Hidden Markov Model, HMM, Malware
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Department
Computer Science
Recommended Citation
Jing Zhao, Samanvitha Basole, and Mark Stamp. "Malware classification with GMM-HMM models." ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy (2021): 753-762. https://doi.org/10.5220/0010409907530762