In this paper, we explore the effectiveness of dynamic analysis techniques for identifying malware, using Hidden Markov Models (HMMs) and Profile Hidden Markov Models (PHMMs), both trained on sequences of API calls. We contrast our results to static analysis using HMMs trained on sequences of opcodes, and show that dynamic analysis achieves significantly stronger results in many cases. Furthermore, in contrasting our two dynamic analysis techniques, we find that using PHMMs consistently outperforms our analysis based on HMMs.
@article{arxiv.1901.07312,
title = {Malware Detection Using Dynamic Birthmarks},
author = {Swapna Vemparala and Fabio Di Troia and Corrado A. Visaggio and Thomas H. Austin and Mark Stamp},
journal= {arXiv preprint arXiv:1901.07312},
year = {2019}
}