Detecting Encrypted and Polymorphic Malware Using Hidden Markov Models

Publication Date

January 2018

Document Type

Contribution to a Book

Publication Title

Guide to Vulnerability Analysis for Computer Networks and Systems — An Artificial Intelligence Approach

DOI

10.1007/978-3-319-92624-7_12

First Page

281

Last Page

299

Abstract

Encrypted code is often present in some types of advanced malware, while such code virtually never appears in legitimate applications. Hence, the presence of encrypted code within an executable file could serve as a strong heuristic for malware detection. In this chapter, we consider the feasibility of detecting encrypted segments within an executable file using hidden Markov models.

Keywords

Encrypted Code, Malware Detection, Metamorphic Viruses, Polymorphic Viruses, Boot Sector
