Malware evolves over time and antivirus must adapt to such evolution. Hence, it is critical to detect those points in time where malware has evolved so that appropriate countermeasures can be undertaken. In this research, we perform a variety of experiments on a significant number of malware families to determine when malware evolution is likely to have occurred. All of the evolution detection techniques that we consider are based on machine learning and can be fully automated -- in particular, no reverse engineering or other labor-intensive manual analysis is required. Specifically, we consider analysis based on hidden Markov models (HMM) and the word embedding techniques HMM2Vec and Word2Vec.