Abstract
With the unlimited growth of malware and the abundant, often reckless downloading of files from the internet, an efficient method that is also scalable and fast is crucial for detecting malware on the popular Microsoft Windows operating system. Unlike static or dynamic detection, which involves disassembling the code or time-intensive execution, statistical analysis that operates directly on binary content has a distinct advantage in speed and scalability. However, high feature dimensionality and high feature extraction cost increase the complexity of both the algorithm and the training model. A high false negative rate is another major limitation in detection. To address these challenges, this paper presents binary texture analysis extended from our work [22] by deriving new statistical texture features to classify over 10,000 Windows Portable Executable (PE) files as malign or benign. The same features of [22], extracted over PE files (both DLLs and EXEs), yielded good accuracy, but the False Negative Rate (FNR) remained high. The new features enhance the analysis and thus the distinguishability between benign and malign files. Relative to state-of-the-art texture-based methods, the proposed method uses a smaller feature dimensionality extracted at a lower cost, and with that it significantly reduces the FNR to 0.4% while achieving an accuracy of 99.61%. The result is also compared with other malicious file detectors. The method thus improves not only accuracy but also the other parameters that are vital to the overall efficiency of a detection method.
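As an added illustration of the kind of texture analysis the abstract describes (this is example code, not the paper's own feature extractor), the following Python script treats a file's raw bytes as a grayscale image and computes first-order byte statistics together with Haralick-style second-order co-occurrence features [23]. The exact feature set, the 16-column layout and the single horizontal pixel offset are assumptions; the two input blobs are constructed.

```python
import math
from collections import Counter

def bytes_to_grid(data: bytes, width: int = 16):
    """Lay the bytes out as a width-column grayscale image; last row zero-padded."""
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    if rows and len(rows[-1]) < width:
        rows[-1].extend([0] * (width - len(rows[-1])))
    return rows

def first_order_features(data: bytes):
    """Histogram statistics of the byte distribution (no spatial information)."""
    n = len(data)
    if n == 0:
        raise ValueError("empty input")
    mean = sum(data) / n
    variance = sum((b - mean) ** 2 for b in data) / n
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return {"mean": mean, "variance": variance, "byte_entropy": entropy}

def glcm(grid):
    """Normalised symmetric co-occurrence matrix of horizontal neighbours, sparse {(i, j): p}."""
    pairs = Counter()
    for row in grid:
        for a, b in zip(row, row[1:]):
            pairs[(a, b)] += 1
            pairs[(b, a)] += 1
    total = sum(pairs.values())
    return {k: v / total for k, v in pairs.items()} if total else {}

def second_order_features(p):
    """Haralick-style texture statistics derived from the GLCM (assumed subset)."""
    return {
        "contrast": sum(q * (i - j) ** 2 for (i, j), q in p.items()),
        "energy": sum(q * q for q in p.values()),
        "homogeneity": sum(q / (1 + abs(i - j)) for (i, j), q in p.items()),
        "glcm_entropy": -sum(q * math.log2(q) for q in p.values()),
    }

def texture_features(data: bytes, width: int = 16):
    """Per-file feature vector: first-order stats plus GLCM statistics (classifier input)."""
    feats = first_order_features(data)
    feats.update(second_order_features(glcm(bytes_to_grid(data, width))))
    return feats

if __name__ == "__main__":
    # Constructed inputs: zero-filled padding versus a block containing every byte value once.
    for name, blob in (("zeros", b"\x00" * 256), ("ramp", bytes(range(256)))):
        print(name, {k: round(v, 4) for k, v in texture_features(blob).items()})
```

Feature vectors computed this way for labelled benign and malign samples are what a classifier would be trained on; a uniform region gives zero entropy and contrast with energy 1, while a region cycling through all byte values gives maximal byte entropy.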
References
[1] Global Stats. https://gs.statcounter.com/. Accessed 18 June 2020
[2] Manavi, F., Hamzeh, A.: A new method for malware detection using opcode visualization. In: 2017 Artificial Intelligence and Signal Processing Conference (AISP), pp. 96–102. IEEE (2017). https://doi.org/10.1109/aisp.2017.8324117
[3] Nguyen, M.H., Nguyen, D.L., Nguyen, X.M., Quan, T.T.: Auto-detection of sophisticated malware using lazy-binding control flow graph and deep learning. Comput. Secur. 76, 128–155 (2018). https://doi.org/10.1016/j.cose.2018.02.006
[4] Saini, A., Gandotra, E., Bansal, D., Sofat, S.: Classification of PE files using static analysis. In: Proceedings of the 7th International Conference on Security of Information and Networks, pp. 429–433. ACM (2014). https://doi.org/10.1145/2659651.2659679
[5] Hou, S., Chen, L., Tas, E., Demihovskiy, I., Ye, Y.: Cluster-oriented ensemble classifiers for intelligent malware detection. In: Proceedings of the 2015 IEEE 9th International Conference on Semantic Computing (IEEE ICSC 2015), pp. 189–196. IEEE (2015). https://doi.org/10.1109/icosc.2015.7050805
[6] Uppal, D., Sinha, R., Mehra, V., Jain, V.: Exploring behavioral aspects of API calls for malware identification and categorization. In: 2014 International Conference on Computational Intelligence and Communication Networks, pp. 824–828. IEEE (2014). https://doi.org/10.1109/cicn.2014.176
[7] Jiang, Q., Liu, N., Zhang, W.: A feature representation method of social graph for malware detection. In: 2013 Fourth Global Congress on Intelligent Systems, pp. 139–143. IEEE (2013). https://doi.org/10.1109/gcis.2013.28
[8] Khorsand, Z., Hamzeh, A.: A novel compression-based approach for malware detection using PE header. In: The 5th Conference on Information and Knowledge Technology, pp. 127–133. IEEE (2013). https://doi.org/10.1109/ikt.2013.6620051
[9] Kim, H., Kim, J., Kim, Y., Kim, I., Kim, K.J., Kim, H.: Improvement of malware detection and classification using API call sequence alignment and visualization. Cluster Comput. 22(1), 921–929 (2019). https://doi.org/10.1007/s10586-017-1110-2
[10] Ki, Y., Kim, E., Kim, H.K.: A novel approach to detect malware based on API call sequence analysis. Int. J. Distrib. Sens. Networks 11 (2015). https://doi.org/10.1155/2015/659101
[11] Cao, Y., Miao, Q., Liu, J., Gao, L.: Abstracting minimal security-relevant behaviors for malware analysis. J. Comput. Virol. Hacking Techniq. 9(4), 193–204 (2013). https://doi.org/10.1007/s11416-013-0186-3
[12] Galal, H.S., Mahdy, Y.B., Atiea, M.A.: Behavior-based features model for malware detection. J. Comput. Virol. Hacking Techniq. 12(2), 59–67 (2016). https://doi.org/10.1007/s11416-015-0244-0
[13] Tian, R., Islam, R., Batten, L., Versteeg, S.: Differentiating malware from cleanware using behavioural analysis. In: 2010 5th International Conference on Malicious and Unwanted Software, pp. 23–30. IEEE (2010). https://doi.org/10.1109/malware.2010.5665796
[14] Nikolopoulos, S.D., Polenakis, I.: A graph-based model for malware detection and classification using system-call groups. J. Comput. Virol. Hacking Techniq. 13(1), 29–46 (2017). https://doi.org/10.1007/s11416-016-0267-1
[15] Park, Y., Reeves, D., Mulukutla, V., Sundaravel, B.: Fast malware classification by automated behavioral graph matching. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1–4. ACM (2010). https://doi.org/10.1145/1852666.1852716
[16] Imran, M., Afzal, M.T., Qadir, M.A.: Using hidden Markov model for dynamic malware analysis: first impressions. In: 2015 12th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), pp. 816–821. IEEE (2015). https://doi.org/10.1109/fskd.2015.7382048
[17] Han, K.S., Lim, J.H., Kang, B., Im, E.G.: Malware analysis using visualized images and entropy graphs. Int. J. Inf. Secur. 14(1), 1–14 (2015). https://doi.org/10.1007/s10207-014-0242-0
[18] Han, K., Lim, J.H., Im, E.G.: Malware analysis method using visualization of binary files. In: Proceedings of the 2013 Research in Adaptive and Convergent Systems, RACS 2013, pp. 317–321. ACM (2013). https://doi.org/10.1145/2513228.2513294
[19] Hashemi, H., Hamzeh, A.: Visual malware detection using local malicious pattern. J. Comput. Virol. Hacking Techniq. 15(1), 1–14 (2019). https://doi.org/10.1007/s11416-018-0314-1
[20] Kancherla, K., Mukkamala, S.: Image visualization based malware detection. In: 2013 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 40–44. IEEE (2013). https://doi.org/10.1109/cicybs.2013.6597204
[21] Zhou, X., Pang, J., Liang, G.: Image classification for malware detection using extremely randomized trees. In: 2017 11th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID), pp. 54–59. IEEE (2017). https://doi.org/10.1109/icasid.2017.8285743
[22] Verma, V., Muttoo, S.K., Singh, V.B.: Multiclass malware classification via first- and second-order texture statistics. Comput. Secur. 97 (2020). https://doi.org/10.1016/j.cose.2020.101895
[23] Haralick, R.M., Shanmugam, K., Dinstein, I.: Textural features for image classification. IEEE Trans. Syst. Man Cybern. SMC-3, 610–621 (1973). https://doi.org/10.1109/tsmc.1973.4309314
[24] Malware Repository. https://virusshare.com/. Accessed 22 Jan 2020
[25] Rezaei, T., Hamze, A.: An efficient approach for malware detection using PE header specifications. In: 2020 6th International Conference on Web Research (ICWR), pp. 234–239. IEEE (2020). https://doi.org/10.1109/icwr49608.2020.9122312
[26] Belaoued, M., Mazouzi, S.: A real-time PE-malware detection system based on CHI-square test and PE-file features. In: Computer Science and Its Applications, CIIA 2015. IFIP AICT, pp. 416–425 (2015). https://doi.org/10.1007/978-3-319-19578-0_34
[27] Li, B., Zhang, Y., Yao, J., Yin, T.: MDBA: detecting malware based on bytes N-gram with association mining. In: 2019 26th International Conference on Telecommunications (ICT), pp. 227–232. IEEE (2019). https://doi.org/10.1109/ict.2019.8798828
[28] Ding, Y., Chen, S., Xu, J.: Application of deep belief networks for opcode-based malware detection. In: 2016 International Joint Conference on Neural Networks (IJCNN), pp. 3901–3908. IEEE (2016). https://doi.org/10.1109/ijcnn.2016.7727705
[29] Fan, Y., Ye, Y., Chen, L.: Malicious sequential pattern mining for automatic malware detection. Expert Syst. Appl. 52, 16–25 (2016). https://doi.org/10.1016/j.eswa.2016.01.002
[30] Saini, A., Gandotra, E., Bansal, D., Sofat, S.: Classification of PE files using static analysis. In: Proceedings of the 7th International Conference on Security of Information and Networks, pp. 429–433. ACM (2014). https://doi.org/10.1145/2659651.2659679
[31] Yang, L., Liu, J.: TuningMalconv: malware detection with not just raw bytes. IEEE Access 8, 140915–140922 (2020). https://doi.org/10.1109/ACCESS.2020.3014245
[32] Uppal, D., Sinha, R., Mehra, V., Jain, V.: Malware detection and classification based on extraction of API sequences. In: 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2337–2342. IEEE (2014). https://doi.org/10.1109/icacci.2014.6968547
[33] Zhou, H.: Malware detection with neural network using combined features. In: CNCERT 2018, CCIS, pp. 96–106 (2019). https://doi.org/10.1007/978-981-13-6621-5_8
[34] Huang, X., Ma, L., Yang, W., Zhong, Y.: A method for Windows malware detection based on deep learning. J. Signal Process. Syst. (2020). https://doi.org/10.1007/s11265-020-01588-1
[35] Zhao, J., Zhang, S., Liu, B., B.C.: Malware detection using machine learning based on the combination of dynamic and static features. In: 2018 27th International Conference on Computer Communication and Networks (ICCCN). IEEE (2018). https://doi.org/10.1109/icccn.2018.8487459
[36] Saleh, M., Li, T., Xu, S.: Multi-context features for detecting malicious programs. J. Comput. Virol. Hacking Techniq. 14(2), 181–193 (2018). https://doi.org/10.1007/s11416-017-0304-8
Acknowledgments
All the authors have contributed to the work without any conflict of interest. The authors in particular thank VirusShare.com for providing access to their malware repository, and the publisher of [22] for the author rights that enable us to extend that work. The study has not received any grant from any funding agency.
© 2020 Springer Nature Switzerland AG
Cite this paper
Verma, V., Muttoo, S.K., Singh, V.B. (2020). Detection of Malign and Benign PE Files Using Texture Analysis. In: Kanhere, S., Patil, V.T., Sural, S., Gaur, M.S. (eds) Information Systems Security. ICISS 2020. Lecture Notes in Computer Science, vol 12553. Springer, Cham. https://doi.org/10.1007/978-3-030-65610-2_16
DOI: https://doi.org/10.1007/978-3-030-65610-2_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65609-6
Online ISBN: 978-3-030-65610-2