Discrete hidden Markov models (HMMs) are often applied to malware detection and classification problems. However, the continuous analog of the discrete HMM, that is, the Gaussian mixture model HMM (GMM-HMM), is rarely considered in the field of cybersecurity. In this paper, we use GMM-HMMs for malware classification and compare our results to those obtained using discrete HMMs. As features, we consider opcode sequences and entropy-based sequences. For our opcode features, GMM-HMMs produce results comparable to those obtained using discrete HMMs, whereas for our entropy-based features, GMM-HMMs generally improve significantly on the classification results that we achieved with discrete HMMs.
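The abstract contrasts two model families on two kinds of feature sequence. The example below, added here and not part of the paper or its code, shows the part of that pipeline a practitioner would otherwise have to reconstruct: a sliding-window byte-entropy sequence is extracted from a binary and scored with the forward algorithm under a GMM-HMM (continuous emissions, one Gaussian mixture per state) and, after quantization into symbols, under a discrete HMM. Everything here is assumed rather than taken from the paper: the two-state "text-like / packed-like" structure, the window and step sizes, the 8-symbol quantization, the hand-set (untrained) transition and emission parameters, and the two constructed sample binaries; the paper trains its models on real malware families, which this toy does not attempt.

```python
"""Entropy-sequence features scored by a discrete HMM and by a GMM-HMM.

Added illustration, not the paper's code: model parameters are hand-set toy
values rather than trained, and the sample binaries are constructed.
"""
import math
import random
from collections import Counter

NEG_INF = float("-inf")

def _log(x):
    """log that maps 0 to -inf instead of raising (zero-probability paths)."""
    return math.log(x) if x > 0 else NEG_INF

def _logsumexp(xs):
    """Numerically stable log(sum(exp(xs))); -inf if every term is -inf."""
    m = max(xs)
    if m == NEG_INF:
        return NEG_INF
    return m + math.log(sum(math.exp(x - m) for x in xs))

def byte_entropy(chunk):
    """Shannon entropy in bits of a byte string (0.0 for empty, at most 8.0)."""
    n = len(chunk)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def entropy_sequence(data, window=512, step=256):
    """Sliding-window entropy: the continuous observation sequence a GMM-HMM consumes."""
    if window <= 0 or step <= 0:
        raise ValueError("window and step must be positive")
    last_start = max(0, len(data) - window)
    return [byte_entropy(data[i:i + window]) for i in range(0, last_start + 1, step)]

def quantize(seq, bins=8):
    """Bucket entropies into symbols 0..bins-1: the lossy step a discrete HMM requires."""
    return [min(bins - 1, int(v / 8.0 * bins)) for v in seq]

def forward_loglik(pi, A, log_emit, obs):
    """log P(obs | pi, A, emissions) by the forward algorithm, carried out in log space."""
    if not obs:
        raise ValueError("empty observation sequence")
    n = len(pi)
    log_alpha = [_log(pi[s]) + log_emit(s, obs[0]) for s in range(n)]
    for o in obs[1:]:
        log_alpha = [
            _logsumexp([log_alpha[i] + _log(A[i][j]) for i in range(n)]) + log_emit(j, o)
            for j in range(n)
        ]
    return _logsumexp(log_alpha)

def discrete_log_emit(B):
    """Discrete emissions: B[state][symbol] is a probability."""
    return lambda s, o: _log(B[s][o])

def gmm_log_emit(mixtures):
    """GMM emissions: mixtures[state] = [(weight, mean, std), ...], a density over real x."""
    def log_emit(s, x):
        return _logsumexp([
            _log(w) - math.log(sd) - 0.5 * math.log(2 * math.pi) - 0.5 * ((x - mu) / sd) ** 2
            for w, mu, sd in mixtures[s]
        ])
    return log_emit

def classify(models, obs, make_log_emit):
    """Label of the model under which obs has the highest forward log-likelihood."""
    scores = {label: forward_loglik(m["pi"], m["A"], make_log_emit(m["emit"]), obs)
              for label, m in models.items()}
    return max(scores, key=scores.get)

# Hand-set toy parameters (assumption, not trained). State 0: code/text-like
# windows, state 1: packed/encrypted-like windows. Both families share pi and A.
PI = [0.5, 0.5]
A = [[0.9, 0.1], [0.1, 0.9]]
GMM_MODELS = {
    "packed": {"pi": PI, "A": A, "emit": [[(1.0, 4.3, 0.8)], [(0.6, 7.0, 0.4), (0.4, 7.7, 0.3)]]},
    "plain":  {"pi": PI, "A": A, "emit": [[(0.8, 4.2, 0.4), (0.2, 5.0, 0.6)], [(1.0, 5.8, 0.6)]]},
}
DISCRETE_MODELS = {  # rows are per-state distributions over the 8 entropy symbols
    "packed": {"pi": PI, "A": A, "emit": [[0.02, 0.05, 0.13, 0.30, 0.30, 0.13, 0.05, 0.02],
                                         [0.01, 0.01, 0.02, 0.03, 0.05, 0.13, 0.25, 0.50]]},
    "plain":  {"pi": PI, "A": A, "emit": [[0.01, 0.03, 0.10, 0.30, 0.40, 0.10, 0.04, 0.02],
                                         [0.02, 0.03, 0.05, 0.15, 0.25, 0.30, 0.15, 0.05]]},
}

def make_samples(seed=1234):
    """Constructed inputs: a text-like stub alone, and the stub followed by a random 'payload'."""
    rng = random.Random(seed)
    stub = b"MOV EAX, 0x1; CALL puts; RET\n" * 64
    payload = bytes(rng.getrandbits(8) for _ in range(2048))
    return {"plain": stub, "packed": stub + payload}

def classify_both(data):
    """(GMM-HMM label, discrete-HMM label) for one byte string."""
    seq = entropy_sequence(data)
    return (classify(GMM_MODELS, seq, gmm_log_emit),
            classify(DISCRETE_MODELS, quantize(seq), discrete_log_emit))

if __name__ == "__main__":
    for label, data in make_samples().items():
        print(label, [round(e, 2) for e in entropy_sequence(data)], classify_both(data))
```

The two scoring paths share the forward recursion and differ only in the emission term: the GMM-HMM evaluates a mixture density at the raw entropy value, while the discrete HMM first collapses that value into one of eight symbols, which is where the information the abstract's improvement comes from is lost. With trained parameters (Baum-Welch for either family) the same `classify` call is the per-family likelihood comparison the paper reports on.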