Abstract
Malware-spreading attacks are a dangerous form of attack that is very difficult to detect and prevent. Attackers increasingly use techniques that spread malware through users and then escalate privileges in the system. The three main techniques for tracking and detecting malware that are currently being studied and applied are signature-based, behavior-based, and hybrid. In particular, the behavior-based technique, supported by machine learning algorithms, has proven highly efficient. In practice, however, attackers often find various ways and techniques to hide the behaviors of malware based on the malware's Portable Executable file format (PE file). This makes it difficult for surveillance systems to detect malware. For these reasons, in this paper we propose a malware detection method based on the PE file analysis technique using machine learning and deep learning algorithms. Our main contribution in this paper is proposing some features that represent abnormal behaviors of malware based on the PE file, and examining the efficiency of some machine learning algorithms in the classification process.
Highlights
Malware is software that is purposefully designed to cause damage to a personal computer, server, or computer network system [1, 2].
To fix the above disadvantages, in this paper, we propose a malware detection method based on the PE file analysis technique using machine learning and deep learning algorithms.
To test the accuracy of the Convolutional Neural Network (CNN) after training, we ran it on a test set of 30,000 images consisting of malware and normal files; the results are similar to those of the trained model.
Summary
Malware is software that is purposefully designed to cause damage to a personal computer, server, or computer network system [1, 2]. The signature-based detection method is a static analysis, which analyzes the source code without executing the file [9]. Disassembly involves reversing the machine code into assembly language to learn the logic and the purpose of the software. This is the most commonly used and reliable method in static analysis. To fix the above disadvantages, in this paper, we propose a malware detection method based on the PE file analysis technique using machine learning and deep learning algorithms. We analyze each component of the PE file in detail in order to build behavior profiles of malware. With this approach, we can immediately collect the behaviors and functions of malware that attackers designed and installed beforehand.