Abstract
With the unlimited growth of malware and the abundant and often reckless downloading of files from the internet, it is crucial to have an efficient, scalable, and fast method for detecting malware on a popular operating system, Microsoft Windows. Unlike static or dynamic detection, which involves disassembling the code or time-intensive execution, statistical analysis that operates directly on binary content has a distinct advantage in speed and scalability. However, high feature dimensionality and high feature extraction cost also increase the complexity of the algorithm and the training model. Higher false negatives are another major limitation in detection. To address these challenges, this paper presents binary texture analysis, extended from our work [22] by deriving new statistical texture features, to classify over 10,000 Windows Portable Executable (PE) files as malign or benign. The same features as in [22], extracted over PE files (both DLLs and EXEs), yielded good accuracy, but the False Negative Rate (FNR) was still high. The new features, however, have enhanced the analysis and thus the distinguishability between benign and malign files. Relative to state-of-the-art texture-based methods, the proposed method uses a smaller feature dimensionality extracted at a lower cost, and with that it has significantly reduced the FNR to 0.4% while achieving an accuracy of 99.61%. The result is also compared with other malicious file detectors. The method has thus improved parameters other than accuracy that are vital to the overall efficiency of the detection method.