
Detection of Malign and Benign PE Files Using Texture Analysis

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12553))

Abstract

With the unlimited growth of malware and the abundant and often reckless downloading of files from the internet, it is crucial to have an efficient, scalable and fast method for detecting malware on a popular operating system, Microsoft Windows. Unlike static or dynamic detection, which involves disassembling the code or time-intensive execution, statistical analysis that operates directly on binary content has a distinct advantage in speed and scalability. However, high feature dimensionality and high feature extraction cost increase the complexity of the algorithm and of the training model as well. A high false negative rate is another major limitation in detection. To address these challenges, this paper presents binary texture analysis extended from our work [22] by deriving new statistical texture features to classify over 10,000 Windows Portable Executable (PE) files as malign or benign. The same features [22] extracted over PE files (both DLLs and EXEs) had yielded good accuracy, but the False Negative Rate (FNR) was still high. The new features have enhanced the analysis and thus the distinguishability between benign and malign files. Relative to state-of-the-art texture-based methods, the proposed method uses a smaller feature dimensionality extracted at a lower cost, and with that it has significantly reduced the FNR to 0.4% while achieving an accuracy of 99.61%. The result is also compared with other malicious file detectors. The method thus improves parameters other than accuracy that are vital to the overall efficiency of the detection method.
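To make the kind of feature extraction described in the abstract concrete, here is an added Python sketch (not the authors' code, and not the exact feature set of [22] or of this paper) that folds a raw byte stream into a 2-D grid and computes first-order byte statistics plus a few second-order co-occurrence features in the style of Haralick et al. [23]. The row width of 64, the 16 gray levels, the single horizontal offset and the four GLCM features are assumptions chosen for illustration; the sample inputs in the usage note are constructed.

```python
import math
from collections import Counter

GRAY_LEVELS = 16   # bins for the 0..255 byte range (assumed value, not the paper's setting)
IMAGE_WIDTH = 64   # row width used to fold the byte stream into a 2-D grid (assumed)

def bytes_to_image(data: bytes, width: int = IMAGE_WIDTH):
    """Fold a raw byte stream into rows of `width` pixels; the last row is zero-padded."""
    padded = data + b"\x00" * (-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def first_order_features(data: bytes):
    """Statistics of the byte-value histogram itself (no spatial information)."""
    n = len(data)
    mean = sum(data) / n
    std = math.sqrt(sum((b - mean) ** 2 for b in data) / n)
    entropy = -sum((c / n) * math.log2(c / n) for c in Counter(data).values())
    return {"mean": mean, "std": std, "byte_entropy": entropy}

def glcm(image, dx: int = 1, dy: int = 0, levels: int = GRAY_LEVELS):
    """Symmetric, normalised gray-level co-occurrence matrix for the offset (dx, dy)."""
    q = 256 // levels
    m = [[0.0] * levels for _ in range(levels)]
    rows, cols = len(image), len(image[0])
    for y in range(rows - dy):
        for x in range(cols - dx):
            a, b = image[y][x] // q, image[y + dy][x + dx] // q
            m[a][b] += 1.0
            m[b][a] += 1.0          # symmetric: count the pair in both directions
    total = 2.0 * (rows - dy) * (cols - dx)
    return [[v / total for v in row] for row in m]

def haralick_features(p):
    """Second-order features (Haralick-style) computed from a normalised GLCM."""
    contrast = energy = homogeneity = entropy = 0.0
    for i, row in enumerate(p):
        for j, v in enumerate(row):
            contrast += (i - j) ** 2 * v          # large when neighbours differ a lot
            energy += v * v                       # 1.0 for a perfectly uniform region
            homogeneity += v / (1 + abs(i - j))   # 1.0 when all pairs lie on the diagonal
            if v > 0:
                entropy -= v * math.log2(v)       # 0 for a single dominant pair
    return {"contrast": contrast, "energy": energy, "homogeneity": homogeneity, "glcm_entropy": entropy}

def texture_features(data: bytes):
    """Feature vector for one file: first-order byte statistics plus horizontal GLCM features."""
    feats = first_order_features(data)
    feats.update(haralick_features(glcm(bytes_to_image(data))))
    return feats
```

Calling `texture_features(open(path, "rb").read())` on a constant-filled file gives contrast 0 and energy 1, while an alternating `0x00/0xFF` stream gives contrast 225 at 16 gray levels; a real PE section mix lands in between, which is what a classifier trained on such vectors separates.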


References

  1. Global Stats. https://gs.statcounter.com/. Accessed 18 June 2020

  2. Manavi, F., Hamzeh, A.: A new method for malware detection using opcode visualization. In: 2017 Artificial Intelligence and Signal Processing Conference (AISP), pp. 96–102. IEEE (2017). https://doi.org/10.1109/aisp.2017.8324117

  3. Nguyen, M.H., Nguyen, D.Le., Nguyen, X.M., Quan, T.T.: Auto-detection of sophisticated malware using lazy-binding control flow graph and deep learning. Comput. Secur. 76, 128–155 (2018). https://doi.org/10.1016/j.cose.2018.02.006

  4. Saini, A., Gandotra, E., Bansal, D., Sofat, S.: Classification of PE files using static analysis. In: Proceedings of the 7th International Conference on Security of Information and Networks, pp. 429–433. ACM (2014). https://doi.org/10.1145/2659651.2659679

  5. Hou, S., Chen, L., Tas, E., Demihovskiy, I., Ye, Y.: Cluster-oriented ensemble classifiers for intelligent malware detection. In: Proceedings of the 2015 IEEE 9th International Conference on Semantic Computing (IEEE ICSC 2015), pp. 189–196. IEEE (2015). https://doi.org/10.1109/icosc.2015.7050805

  6. Uppal, D., Sinha, R., Mehra, V., Jain, V.: Exploring behavioral aspects of API calls for Malware identification and categorization. In: 2014 International Conference on Computational Intelligence and Communication Networks, pp. 824–828. IEEE (2014). https://doi.org/10.1109/cicn.2014.176

  7. Jiang, Q., Liu, N., Zhang, W.: A feature representation method of social graph for malware detection. In: 2013 Fourth Global Congress on Intelligent Systems, pp. 139–143. IEEE (2013). https://doi.org/10.1109/gcis.2013.28

  8. Khorsand, Z., Hamzeh, A.: A novel compression-based approach for malware detection using PE header. In: The 5th Conference on Information and Knowledge Technology, pp. 127–133. IEEE (2013). https://doi.org/10.1109/ikt.2013.6620051

  9. Kim, H., Kim, J., Kim, Y., Kim, I., Kim, K.J., Kim, H.: Improvement of malware detection and classification using API call sequence alignment and visualization. Cluster Comput. 22(1), 921–929 (2019). https://doi.org/10.1007/s10586-017-1110-2

  10. Ki, Y., Kim, E., Kim, H.K.: A novel approach to detect malware based on API call sequence analysis. Int. J. Distrib. Sens. Networks 11 (2015). https://doi.org/10.1155/2015/659101

  11. Cao, Y., Miao, Q., Liu, J., Gao, L.: Abstracting minimal security-relevant behaviors for malware analysis. J. Comput. Virol. Hacking Techniq. 9(4), 193–204 (2013). https://doi.org/10.1007/s11416-013-0186-3

  12. Galal, H.S., Mahdy, Y.B., Atiea, M.A.: Behavior-based features model for malware detection. J. Comput. Virol. Hacking Techniq. 12(2), 59–67 (2016). https://doi.org/10.1007/s11416-015-0244-0

  13. Tian, R., Islam, R., Batten, L., Versteeg, S.: Differentiating malware from cleanware using behavioural analysis. In: 2010 5th International Conference on Malicious and Unwanted Software. pp. 23–30. IEEE (2010). https://doi.org/10.1109/malware.2010.5665796

  14. Nikolopoulos, S.D., Polenakis, I.: A graph-based model for malware detection and classification using system-call groups. J. Comput. Virol. Hacking Techniq. 13(1), 29–46 (2017). https://doi.org/10.1007/s11416-016-0267-1

  15. Park, Y., Reeves, D., Mulukutla, V., Sundaravel, B.: Fast malware classification by automated behavioral graph matching. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1–4. ACM (2010). https://doi.org/10.1145/1852666.1852716

  16. Imran, M., Afzal, M.T., Qadir, M.A.: Using hidden markov model for dynamic malware analysis: first impressions. In: 2015 12th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), pp. 816–821. IEEE (2015). https://doi.org/10.1109/fskd.2015.7382048

  17. Han, K.S., Lim, J.H., Kang, B., Im, E.G.: Malware analysis using visualized images and entropy graphs. Int. J. Inf. Secur. 14(1), 1–14 (2015). https://doi.org/10.1007/s10207-014-0242-0

  18. Han, K., Lim, J.H., Im, E.G.: Malware analysis method using visualization of binary files. In: Proceedings of the 2013 Research in Adaptive and Convergent Systems, RACS 2013. pp. 317–321. ACM (2013). https://doi.org/10.1145/2513228.2513294

  19. Hashemi, H., Hamzeh, A.: Visual malware detection using local malicious pattern. J. Comput. Virol. Hacking Techniq. 15(1), 1–14 (2019). https://doi.org/10.1007/s11416-018-0314-1

  20. Kancherla, K., Mukkamala, S.: Image visualization based malware detection. In: 2013 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 40–44. IEEE (2013). https://doi.org/10.1109/cicybs.2013.6597204

  21. Zhou, X., Pang, J., Liang, G.: Image classification for malware detection using extremely randomized trees. In: 2017 11th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID), pp. 54–59. IEEE (2017). https://doi.org/10.1109/icasid.2017.8285743

  22. Verma, V., Muttoo, S.K., Singh, V.B.: Multiclass malware classification via first- and second-order texture statistics. Comput. Secur. 97 (2020). https://doi.org/10.1016/j.cose.2020.101895

  23. Haralick, R.M., Shanmugam, K., Dinstein, I.: Textural features for image classification. IEEE Trans. Syst. Man. Cybern. SMC-3, 610–621 (1973). https://doi.org/10.1109/tsmc.1973.4309314

  24. Malware Repository. https://virusshare.com/. Accessed 22 Jan 2020

  25. Rezaei, T., Hamze, A.: An efficient approach for malware detection using PE header specifications. In: 2020 6th International Conference on Web Research (ICWR), pp. 234–239. IEEE (2020). https://doi.org/10.1109/icwr49608.2020.9122312

  26. Belaoued, M., Mazouzi, S.: A real-time PE-malware detection system based on CHI-square test and PE-file features. In: Computer Science and Its Applications, CIIA 2015. IFIP AICT, pp. 416–425 (2015). https://doi.org/10.1007/978-3-319-19578-0_34

  27. Li, B., Zhang, Y., Yao, J., Yin, T.: MDBA: Detecting Malware based on Bytes N-Gram with Association Mining. In: 2019 26th International Conference on Telecommunications (ICT), pp. 227–232. IEEE (2019). https://doi.org/10.1109/ict.2019.8798828

  28. Ding, Y., Chen, S., Xu, J.: Application of Deep Belief Networks for opcode based malware detection. In: 2016 International Joint Conference on Neural Networks (IJCNN), pp. 3901–3908. IEEE (2016). https://doi.org/10.1109/ijcnn.2016.7727705

  29. Fan, Y., Ye, Y., Chen, L.: Malicious sequential pattern mining for automatic malware detection. Expert Syst. Appl. 52, 16–25 (2016). https://doi.org/10.1016/j.eswa.2016.01.002

  30. Saini, A., Gandotra, E., Bansal, D., Sofat, S.: Classification of PE files using static analysis. In: Proceedings of the 7th International Conference on Security of Information and Networks, pp. 429–433. ACM (2014). https://doi.org/10.1145/2659651.2659679

  31. Yang, L., Liu, J.: TuningMalconv: malware detection with not just raw bytes. IEEE Access. 8, 140915–140922 (2020). https://doi.org/10.1109/ACCESS.2020.3014245

  32. Uppal, D., Sinha, R., Mehra, V., Jain, V.: Malware detection and classification based on extraction of API sequences. In: 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2337–2342. IEEE (2014). https://doi.org/10.1109/icacci.2014.6968547

  33. Zhou, H.: Malware detection with neural network using combined features. In: CNCERT 2018, CCIS, pp. 96–106 (2019). https://doi.org/10.1007/978-981-13-6621-5_8

  34. Huang, X., Ma, L., Yang, W., Zhong, Y.: A method for windows malware detection based on deep learning. J. Signal Process. Syst. (2020). https://doi.org/10.1007/s11265-020-01588-1

  35. Zhao, J., Zhang, S., Liu, B., B.C.: Malware detection using machine learning based on the combination of dynamic and static features. In: 2018 27th International Conference on Computer Communication and Networks (ICCCN). IEEE (2018). https://doi.org/10.1109/icccn.2018.8487459

  36. Saleh, M., Li, T., Xu, S.: Multi-context features for detecting malicious programs. J. Comput. Virol. Hacking Techniq. 14(2), 181–193 (2018). https://doi.org/10.1007/s11416-017-0304-8

Acknowledgments

All the authors have contributed to the work without any conflict of interest. The authors in particular thank VirusShare.com for providing access to their malware repository, and the publisher of [22] for the authors' rights that enable us to extend our work. The study has not received any grant from any funding agency.

Corresponding author

Correspondence to Vinita Verma.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Verma, V., Muttoo, S.K., Singh, V.B. (2020). Detection of Malign and Benign PE Files Using Texture Analysis. In: Kanhere, S., Patil, V.T., Sural, S., Gaur, M.S. (eds) Information Systems Security. ICISS 2020. Lecture Notes in Computer Science(), vol 12553. Springer, Cham. https://doi.org/10.1007/978-3-030-65610-2_16

  • DOI: https://doi.org/10.1007/978-3-030-65610-2_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65609-6

  • Online ISBN: 978-3-030-65610-2

  • eBook Packages: Computer Science (R0)
