Discrete hidden Markov models (HMM) are often applied to malware detection and classification problems. However, the continuous analog of discrete HMMs, that is, Gaussian mixture model-HMMs (GMM-HMM), are rarely considered in the field of cybersecurity. In this paper, we use GMM-HMMs for malware classification and we compare our results to those obtained using discrete HMMs. As features, we consider opcode sequences and entropy-based sequences. For our opcode features, GMM-HMMs produce results that are comparable to those obtained using discrete HMMs, whereas for our entropy-based features, GMM-HMMs generally improve significantly on the classification results that we have achieved with discrete HMMs.

中文翻译：

---

使用GMM-HMM模型的恶意软件分类

离散隐马尔可夫模型（HMM）通常用于恶意软件检测和分类问题。但是，在网络安全领域很少考虑离散HMM的连续模拟，即高斯混合模型HMM（GMM-HMM）。在本文中，我们将GMM-HMM用于恶意软件分类，并将我们的结果与使用离散HMM获得的结果进行比较。作为功​​能，我们考虑操作码序列和基于熵的序列。对于我们的操作码功能，GMM-HMM产生的结果可与使用离散HMM取得的结果相媲美，而对于基于熵的功能，GMM-HMM通常会大大提高我们使用离散HMM取得的分类结果。