Applications and Case Studies

Malware Family Discovery Using Reversible Jump MCMC Sampling of Regimes

Pages 1490-1502 | Received 01 Feb 2016, Published online: 11 Jul 2018

References

  • Anderson, B., Lane, T., and Hash, C. (2014), “Malware Phylogenetics Based on the Multiview Graphical Lasso,” in Advances in Intelligent Data Analysis XIII, eds. H. Blockeel, M. van Leeuwen, and V. Vinciotti, Vol. 8819 of Lecture Notes in Computer Science, Cham: Springer International Publishing, pp. 1–12.
  • Beal, M. J., Ghahramani, Z., and Rasmussen, C. E. (2002), “The Infinite Hidden Markov Model,” in Neural Information Processing Systems 14, eds. T. G. Dietterich, S. Becker, and Z. Ghahramani, Cambridge, MA: MIT Press, pp. 577–585.
  • Bolton, A., and Heard, N. (2014), “Application of a Linear Time Method for Change Point Detection to the Classification of Software,” in Proceedings of the IEEE Joint Intelligence and Security Informatics Conference (JISIC), The Hague: IEEE, pp. 292–295.
  • Brooks, S. P., and Gelman, A. (1998), “General Methods for Monitoring Convergence of Iterative Simulations,” Journal of Computational and Graphical Statistics, 7, 434–455.
  • Chib, S. (1996), “Calculating Posterior Distributions and Modal Estimates in Markov Mixture Models,” Journal of Econometrics, 75, 79–97.
  • Contagio (2013), “Mandiant APT1 Samples Categorized by Malware Families,” available at: http://contagiodump.blogspot.co.uk/2013/03/mandiant-apt1-samples-categorized-by.html.
  • Dai, J., Guha, R., and Lee, J. (2009), “Efficient Virus Detection Using Dynamic Instruction Sequences,” Journal of Computers, 4, 405–414.
  • Denison, D. G. T., Holmes, C. C., Mallick, B. K., and Smith, A. F. M. (2002), Bayesian Methods for Nonlinear Classification and Regression, Wiley Series in Probability and Statistics, Chichester: Wiley.
  • Domingos, P., and Provost, F. (2000), “Well-Trained PETs: Improving Probability Estimation Trees,” CDER Working Paper 00-04-IS, Stern School of Business.
  • Fisher, R. A. (1929), Statistical Methods for Research Workers, Edinburgh: Oliver & Boyd.
  • Fitzpatrick, M., and Marchev, D. (2013), “Efficient Bayesian Estimation of the Multivariate Double Chain Markov Model,” Statistics and Computing, 23, 467–480.
  • Goldfeld, S. M., and Quandt, R. E. (1973), “A Markov Model for Switching Regressions,” Journal of Econometrics, 1, 3–15.
  • Green, P. J. (1995), “Reversible Jump Markov Chain Monte Carlo Computation and Bayesian Model Determination,” Biometrika, 82, 711–732.
  • Han, D., and Tsung, F. (2009), “The Optimal Stopping Time for Detecting Changes in Discrete Time Markov Processes,” Sequential Analysis, 28, 115–135.
  • Kass, R. E., Carlin, B. P., Gelman, A., and Neal, R. M. (1998), “Markov Chain Monte Carlo in Practice: A Roundtable Discussion,” The American Statistician, 52, 93–100.
  • Killick, R., Fearnhead, P., and Eckley, I. A. (2012), “Optimal Detection of Changepoints with a Linear Computational Cost,” Journal of the American Statistical Association, 107, 1590–1598.
  • McAfee (2017), “McAfee Labs Threats Report June 2017,” available at: https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-jun-2017.pdf.
  • Page, E. S. (1954), “Continuous Inspection Schemes,” Biometrika, 41, 100–115.
  • Polansky, A. M. (2007), “Detecting Change-Points in Markov Chains,” Computational Statistics and Data Analysis, 51, 6013–6026.
  • Royal, P., Halpin, M., Dagon, D., Edmonds, R., and Lee, W. (2006), “PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware,” in Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC ’06), Miami, FL: IEEE, pp. 289–300.
  • Storlie, C., Anderson, B., Vander Wiel, S., Quist, D., Hash, C., and Brown, N. (2014), “Stochastic Identification of Malware with Dynamic Traces,” The Annals of Applied Statistics, 8, 1–18.
  • Tartakovsky, A. G., Rozovskii, B. L., Blažek, R. B., and Kim, H. (2006), “Detection of Intrusions in Information Systems by Sequential Change-Point Methods,” Statistical Methodology, 3, 252–293.
  • Van Gael, J., Saatci, Y., Teh, Y. W., and Ghahramani, Z. (2008), “Beam Sampling for the Infinite Hidden Markov Model,” in Proceedings of the 25th International Conference on Machine Learning (ICML ’08), New York: ACM, pp. 1088–1095.
  • Vasas, K., Elek, P., and Márkus, L. (2007), “A Two-State Regime Switching Autoregressive Model with an Application to River Flow Analysis,” Journal of Statistical Planning and Inference, 137, 3113–3126, Special Issue: Bayesian Inference for Stochastic Processes.
  • Xian, J.-G., Han, D., and Yu, J.-Q. (2016), “Online Change Detection of Markov Chains With Unknown Post-Change Transition Probabilities,” Communications in Statistics—Theory and Methods, 45, 597–611.
  • Xing, H., Sun, N., and Chen, Y. (2012), “Credit Rating Dynamics in the Presence of Unknown Structural Breaks,” Journal of Banking and Finance, 36, 78–89.
  • Yakir, B. (1994), “Optimal Detection of a Change in Distribution When the Observations Form a Markov Chain with a Finite State Space,” Lecture Notes – Monograph Series, 23, 346–358.
  • Zhao, H., and Marriott, P. (2014), “Variational Bayes for Regime-Switching Log-Normal Models,” Entropy, 16, 3832.
