• DocumentCode
    3736593
  • Title

    Proposing an HMM-based approach to detect metamorphic malware

  • Author

    Mina Gharacheh;Vali Derhami;Sattar Hashemi;Seyed Mehdi Hazrati Fard

  • Author_Institution
    University of Science and Arts, Yazd, Iran
  • fYear
    2015
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Previous research has shown that the hidden Markov model (HMM) is a compelling option for malware identification. However, some advanced metamorphic malware have proven to be more challenging to detect with these techniques. In this paper, we separated the importance of some parts of the malware files to train the HMMs, aiming at extracting the significant sequences of malware opcodes. These parts have been deemed important according to their dissimilarity to the benign files, as all parts of a malware file are not representative of the malicious nature. Extracting these parts has been performed using methods similar to sound processing. The results demonstrate that the proposed method has higher accuracy in metamorphic malware detection and also has higher speed at classification, compared to the previous methods.
  • Keywords
    "Malware","Hidden Markov models","Software","Viruses (medical)","Computational modeling","Speech recognition","Feature extraction"
  • Publisher
    ieee
  • Conference_Titel
    Fuzzy and Intelligent Systems (CFIS), 2015 4th Iranian Joint Congress on
  • Type

    conf

  • DOI
    10.1109/CFIS.2015.7391648
  • Filename
    7391648