A Machine Learning-Based PE Header Analysis for Malware Detection

Abstract

The malware is file or piece of code which is delivered over network that infects or conducts any behavior as attacker desired. So, it is one of the most serious threats to modern world specially who are in touch of computerand information technology. The older signature-based detection is not convenient all the time. This was not the perfect approach as it was detection which uses unique signature or digital footprint from software running on secured system. This method is used in antivirus programs. These programs scan any software program and try to identify the signatures. These signatures are then compared to signature of known malwares. But signatures may not be known to us every time. This method has some lots of limitations. It is unable to the new patterns or indicators of new threats that are not already known. As a result, security professionals often this method in conjunction with tools that provide context into their network behavior. The PE is actually file layout that is present in .exe, .dll file formats and other machine level code and their PE headers contains information that can help us distinguish between malicious malware files and legitimate files. This method is helpful to find hidden patterns and to establish new techniques to recognize the files. The virus share suffixedfiles are also the files which performs malicious activities and malware in nature. Even this type of files can be trained and recognized with the help of PE headers-based method to recognize the nature of file. Its possible to identify the malware by looking at some key features from headers such as checksum, section name, initialized data Size, DLL characteristics and major image version.Looking at the PE header is much faster than scanning the whole information in the PE. Thus, the prediction of files are possible even with faster rate. In this paper, we will understand the different attributes available in PE headers to carefully analyses the trends and to distinguish the given executable files as malicious or legitimate on basis of PE headers using advance machine learning algorithms.