Abstract

Malware programmers look for ways to attack computers and networks. They try to find entry points that bypass security and enable them to slip into the system. One of these ways is through Portable Executable (PE) files. On the other hand, methods are devised to discover this danger and take action against it. Artificial Intelligence (AI) can play an important role in the process of discovering malware inside PE files. Using AI as a tool, this work aims to study the features of PE file headers as a means of detecting malware and to assess the effect of these features on the level of accuracy. The study uses various numbers of PE features. Two different algorithms are used, each with two options, in order to discover their relative effectiveness. Tests are carried out using a specified control data set so that relative performance can be assessed. The criterion used is the level of accuracy obtained across a large number and variety of groups of studies. Each study starts with a collection of features, then features are progressively added to study the impact of these features on accuracy. This was important in showing that not all the features have a positive impact on accuracy. Also, there were some indications that using a large number of features will not always improve the accuracy. Using graphs, it was shown that accuracy will be enhanced after adding a certain number of features. Graphs also show that, as features are added, accuracy sometimes improves and at other times goes down, so not all added features are useful. More than 100 runs were made, using a total of 29 features. The highest accuracy obtained with Decision Tree was 0.987, and 0.979 with Neural Networks-Multi-layer Perceptron (NN-MLPC).
