Cargando…
A Malware Detection Scheme Based on Mining Format Information
Malware has become one of the most serious threats to computer information system and the current malware detection technology still has very significant limitations. In this paper, we proposed a malware detection approach by mining format information of PE (portable executable) files. Based on in-d...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Hindawi Publishing Corporation
2014
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4060536/ https://www.ncbi.nlm.nih.gov/pubmed/24991639 http://dx.doi.org/10.1155/2014/260905 |
| _version_ | 1782321384547942400 |
|---|---|
| author | Bai, Jinrong Wang, Junfeng Zou, Guozhong |
| author_facet | Bai, Jinrong Wang, Junfeng Zou, Guozhong |
| author_sort | Bai, Jinrong |
| collection | PubMed |
| description | Malware has become one of the most serious threats to computer information system and the current malware detection technology still has very significant limitations. In this paper, we proposed a malware detection approach by mining format information of PE (portable executable) files. Based on in-depth analysis of the static format information of the PE files, we extracted 197 features from format information of PE files and applied feature selection methods to reduce the dimensionality of the features and achieve acceptable high performance. When the selected features were trained using classification algorithms, the results of our experiments indicate that the accuracy of the top classification algorithm is 99.1% and the value of the AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and the ability of detecting unknown and new malware. Although the experimental results of identifying new malware are not perfect, our method is still able to identify 97.6% of new malware with 1.3% false positive rates. |
| format | Online Article Text |
| id | pubmed-4060536 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2014 |
| publisher | Hindawi Publishing Corporation |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-40605362014-07-02 A Malware Detection Scheme Based on Mining Format Information Bai, Jinrong Wang, Junfeng Zou, Guozhong ScientificWorldJournal Research Article Malware has become one of the most serious threats to computer information system and the current malware detection technology still has very significant limitations. In this paper, we proposed a malware detection approach by mining format information of PE (portable executable) files. Based on in-depth analysis of the static format information of the PE files, we extracted 197 features from format information of PE files and applied feature selection methods to reduce the dimensionality of the features and achieve acceptable high performance. When the selected features were trained using classification algorithms, the results of our experiments indicate that the accuracy of the top classification algorithm is 99.1% and the value of the AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and the ability of detecting unknown and new malware. Although the experimental results of identifying new malware are not perfect, our method is still able to identify 97.6% of new malware with 1.3% false positive rates. Hindawi Publishing Corporation 2014 2014-06-02 /pmc/articles/PMC4060536/ /pubmed/24991639 http://dx.doi.org/10.1155/2014/260905 Text en Copyright © 2014 Jinrong Bai et al. https://creativecommons.org/licenses/by/3.0/ This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. |
| spellingShingle | Research Article Bai, Jinrong Wang, Junfeng Zou, Guozhong A Malware Detection Scheme Based on Mining Format Information |
| title | A Malware Detection Scheme Based on Mining Format Information |
| title_full | A Malware Detection Scheme Based on Mining Format Information |
| title_fullStr | A Malware Detection Scheme Based on Mining Format Information |
| title_full_unstemmed | A Malware Detection Scheme Based on Mining Format Information |
| title_short | A Malware Detection Scheme Based on Mining Format Information |
| title_sort | malware detection scheme based on mining format information |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4060536/ https://www.ncbi.nlm.nih.gov/pubmed/24991639 http://dx.doi.org/10.1155/2014/260905 |
| work_keys_str_mv | AT baijinrong amalwaredetectionschemebasedonminingformatinformation AT wangjunfeng amalwaredetectionschemebasedonminingformatinformation AT zouguozhong amalwaredetectionschemebasedonminingformatinformation AT baijinrong malwaredetectionschemebasedonminingformatinformation AT wangjunfeng malwaredetectionschemebasedonminingformatinformation AT zouguozhong malwaredetectionschemebasedonminingformatinformation |