Abstract
Malware still poses a major threat to cyberspace security, so fast and effective detection of this threat has become an important issue in the security field. In this paper, we propose a fast and highly accurate detection system for Portable Executable (PE) malware. The proposed system analyzes the fields of the PE headers in two ways, a basic one and a more in-depth one, in order to generate a set of standard attributes (SAT) and a set of meaningful attributes (MAT), respectively. The decision phase leverages several machine learning classifiers, which are trained on the best K attributes selected by two different feature selection methods. The experimental results are very promising: our system outperforms two state-of-the-art solutions with respect to detection accuracy, achieving 99.1% and 100% under 10-fold cross-validation and train-test split validation, respectively. In both validation approaches, we use less than 1% of the initial set of 1329 extracted attributes. Our system is also able to analyze a file in 0.257 s.
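The pipeline the abstract describes (read PE header fields as raw attributes, derive a few higher-level attributes from them, then keep the best K attributes by a feature-selection score) can be illustrated end to end in a small script. The example below is added here and is not code from the paper: the derived attributes it computes are our own choice, since the abstract does not list the paper's MAT set, and chi-square is used as the feature-selection score as an assumption, because the abstract does not name the two methods the authors used. The two PE images are constructed in memory for the demonstration and are not real binaries.

```python
"""Added example (not code from the paper): extract Portable Executable
header fields as attributes and rank boolean attributes by chi-square."""
import struct
from collections import Counter

# Layouts and constants from the PE/COFF file-format specification.
COFF_FMT = "<HHIIIHH"                       # IMAGE_FILE_HEADER, 20 bytes
COFF_FIELDS = ("Machine", "NumberOfSections", "TimeDateStamp",
               "PointerToSymbolTable", "NumberOfSymbols",
               "SizeOfOptionalHeader", "Characteristics")
OPT_FMT = "<HBBIIIIII"                      # first 28 bytes of a PE32 optional header
OPT_FIELDS = ("Magic", "MajorLinkerVersion", "MinorLinkerVersion",
              "SizeOfCode", "SizeOfInitializedData", "SizeOfUninitializedData",
              "AddressOfEntryPoint", "BaseOfCode", "BaseOfData")
SEC_FMT = "<8sIIIIIIHHI"                    # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc",
                        ".bss", ".idata", ".edata", ".tls", ".pdata"}


def parse_pe_headers(data: bytes) -> dict:
    """Return the raw header fields (standard attributes, 'SAT') and a few
    derived attributes (our own choice of 'MAT'; the paper's set is not given
    in the abstract)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    sat = dict(zip(COFF_FIELDS, struct.unpack_from(COFF_FMT, data, coff_off)))
    opt_off = coff_off + 20
    sat.update(zip(OPT_FIELDS, struct.unpack_from(OPT_FMT, data, opt_off)))
    sec_off = opt_off + sat["SizeOfOptionalHeader"]
    sections = []
    for i in range(sat["NumberOfSections"]):
        name, vsize, vaddr, rawsize, _, _, _, _, _, chars = \
            struct.unpack_from(SEC_FMT, data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "VirtualAddress": vaddr, "VirtualSize": vsize,
                         "SizeOfRawData": rawsize, "Characteristics": chars})
    ep = sat["AddressOfEntryPoint"]
    ep_sec = next((s for s in sections if s["VirtualAddress"] <= ep
                   < s["VirtualAddress"] + max(s["VirtualSize"], s["SizeOfRawData"])),
                  None)
    mat = {  # derived attributes, all boolean so they can be scored below
        "ep_in_section": ep_sec is not None,
        "ep_section_executable": bool(ep_sec and ep_sec["Characteristics"] & IMAGE_SCN_MEM_EXECUTE),
        "any_section_wx": any(s["Characteristics"] & IMAGE_SCN_MEM_EXECUTE
                              and s["Characteristics"] & IMAGE_SCN_MEM_WRITE for s in sections),
        "has_nonstandard_section_name": any(s["name"] not in COMMON_SECTION_NAMES for s in sections),
        "zero_timestamp": sat["TimeDateStamp"] == 0,
    }
    return {"SAT": sat, "MAT": mat, "sections": sections}


def chi_square_score(values, labels) -> float:
    """Chi-square statistic of a boolean attribute against a boolean label
    (2x2 contingency table, no continuity correction)."""
    n = len(values)
    table = Counter(zip(values, labels))
    chi = 0.0
    for v in (False, True):
        row = table[(v, False)] + table[(v, True)]
        for lab in (False, True):
            col = table[(False, lab)] + table[(True, lab)]
            expected = row * col / n
            if expected:
                chi += (table[(v, lab)] - expected) ** 2 / expected
    return chi


def select_top_k(samples, labels, k) -> list:
    """Rank the boolean attributes shared by all samples and keep the best k."""
    names = [a for a, v in samples[0].items() if isinstance(v, bool)]
    scored = sorted(((chi_square_score([s[a] for s in samples], labels), a)
                     for a in names), reverse=True)
    return [a for _, a in scored[:k]]


def build_pe(sections, entry_point, timestamp=0x5C000000) -> bytes:
    """Construct a minimal PE32 image in memory (constructed test data, not a
    real binary): DOS stub, PE signature, COFF header, optional header, sections."""
    opt = struct.pack(OPT_FMT, 0x10B, 14, 0, 0x1000, 0x1000, 0, entry_point, 0x1000, 0x2000)
    opt += b"\0" * (224 - len(opt))            # pad to the full PE32 optional-header size
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), timestamp, 0, 0, len(opt), 0x0102)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew -> offset 0x40
    hdrs = b"".join(struct.pack(SEC_FMT, name.encode().ljust(8, b"\0"), vsize, vaddr,
                                vsize, 0x400, 0, 0, 0, 0, chars)
                    for name, vaddr, vsize, chars in sections)
    return dos + b"PE\0\0" + coff + opt + hdrs


# Two constructed images: a conventional layout and a packer-like layout.
PLAIN = build_pe([(".text", 0x1000, 0x800, 0x60000020),
                  (".data", 0x2000, 0x200, 0xC0000040)], entry_point=0x1100)
PACKED = build_pe([("UPX0", 0x1000, 0x4000, 0xE0000080),
                   ("UPX1", 0x5000, 0x800, 0xE0000040)], entry_point=0x5200, timestamp=0)

if __name__ == "__main__":
    for label, img in (("plain", PLAIN), ("packed", PACKED)):
        print(label, parse_pe_headers(img)["MAT"])
```

On a real corpus the SAT dictionary would be flattened into a numeric vector (with the derived booleans appended) and `select_top_k` run over the labelled set before the classifiers are trained; the scoring here covers only boolean attributes, so numeric header fields would need binning or a score that handles counts before they could be ranked the same way.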
© 2019 Springer Nature Switzerland AG
Belaoued, M., Guelib, B., Bounaas, Y., Derhab, A., Boufaida, M. (2019). Malware Detection System Based on an In-Depth Analysis of the Portable Executable Headers. In: Renault, É., Mühlethaler, P., Boumerdassi, S. (eds) Machine Learning for Networking. MLN 2018. Lecture Notes in Computer Science(), vol 11407. Springer, Cham. https://doi.org/10.1007/978-3-030-19945-6_11
DOI: https://doi.org/10.1007/978-3-030-19945-6_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19944-9
Online ISBN: 978-3-030-19945-6