Abstract

The .Net Framework has made writing windows applications easier than ever. Several programming languages can be used to write software using the .Net Framework, the most common one being C#. Due to the abundance of modules and pre-built functionalities that allow programmers to easily manipulate the windows operating system with high abstraction and no need for low-level coding, the .Net framework has also become a desirable environment for malicious actors to write their malware. To best of our knowledge, researchers have been treating .NET malware and other malware the same way by utilizing features from the PE header to classify the files. This is not possible for.Net files because their PE headers are nearly identical. In this paper, we tackle the problem of detecting malicious .Net files by extracting features from the CLR header. As far as we know, we are the first ones to explore this approach. Furthermore, we create a new dataset comprised of.Net malware and benign files, which we freely distribute to the research community. Finally, we assess the performance of several machine learning algorithms to detect malicious .NET files. The random forest model was the best solution among the set of algorithms tested, exhibiting a performance of 92% for this predictive task.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.