A Malware Detection Scheme Based on Mining Format Information
Malware has become one of the most serious threats to computer information systems, and current malware detection technology still has significant limitations. In this paper, we propose a malware detection approach that mines the format information of PE (portable executable) files. Based on an in-depth analysis of the static format information of PE files, we extracted 197 features from that information and applied feature selection methods to reduce the dimensionality of the feature set while retaining acceptably high performance. When the selected features were used to train classification algorithms, our experiments indicate that the accuracy of the best classification algorithm is 99.1% and its AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and its ability to detect unknown and new malware. Although the results for identifying new malware are not perfect, our method still identifies 97.6% of new malware with a 1.3% false positive rate.

Main Authors: | Jinrong Bai (College of Computer Science, Sichuan University, Chengdu 610065, China); Junfeng Wang (College of Computer Science, Sichuan University, Chengdu 610065, China); Guozhong Zou (School of Information Technology and Engineering, Yuxi Normal University, Yuxi 653100, China) |
---|---|
Format: | Article |
Language: | English |
Published: | Wiley, 2014-01-01 |
Series: | The Scientific World Journal |
ISSN: | 2356-6140, 1537-744X |
Online Access: | http://dx.doi.org/10.1155/2014/260905 |
Collection: | DOAJ |
Institution: | Kabale University |
Record ID: | doaj-art-b7a2b86d84bf47baa15f3be8db610581 |
Record updated: | 2025-02-03 |