ABSTRACT

This chapter discusses two applications of profile hidden Markov models (PHMMs) to problems in information security. First, it considers masquerade detection, which is a special case of intrusion detection. Then it shows that PHMMs can be effective for malware detection, at least in certain cases. The chapter presents experiments on the following seven Windows malware families: Cridex, Harebot, Security Shield, Smart HDD, Winwebsec, Zbot and Zeroaccess. Malware has become increasingly difficult to detect with standard approaches such as signature scanning. Consequently, new techniques are needed, and machine learning is a promising line of research. Hidden Markov models (HMMs) have been used effectively for malware detection in previous work. In contrast, PHMMs seem to have been rarely studied in this context, with previous results being mixed at best. However, the research summarized here makes it clear that PHMMs can indeed be effective for malware detection.