# Malware Detection Using Dynamic Birthmarks

**Authors:** Swapna Vemparala, Fabio Di Troia, Corrado A. Visaggio, Thomas H. Austin, and Mark Stamp

arXiv: 1901.07312 · 2019-01-23

## TL;DR

This paper evaluates dynamic analysis techniques, specifically Hidden Markov Models and Profile Hidden Markov Models, for malware detection based on API call sequences, showing that dynamic analysis outperforms static methods and PHMMs outperform HMMs.

## Contribution

The paper introduces and compares dynamic analysis methods for malware detection, demonstrating the superior performance of PHMMs over HMMs and over static analysis.

## Key findings

- Dynamic analysis with HMMs and PHMMs trained on API call sequences achieves significantly stronger results, in many cases, than static analysis with HMMs trained on opcode sequences.
- Of the two dynamic techniques, PHMMs consistently outperform HMMs in malware detection.

## Abstract

In this paper, we explore the effectiveness of dynamic analysis techniques for identifying malware, using Hidden Markov Models (HMMs) and Profile Hidden Markov Models (PHMMs), both trained on sequences of API calls. We contrast our results to static analysis using HMMs trained on sequences of opcodes, and show that dynamic analysis achieves significantly stronger results in many cases. Furthermore, in contrasting our two dynamic analysis techniques, we find that using PHMMs consistently outperforms our analysis based on HMMs.

## Figures

7 figures with captions in the complete paper: https://tomesphere.com/paper/1901.07312/full.md

## References

44 references — full list in the complete paper: https://tomesphere.com/paper/1901.07312/full.md

---
Source: https://tomesphere.com/paper/1901.07312