Malware continues to evolve despite the intense use of anti-malware techniques. Detecting malware becomes a tough task as malware authors adopt different counter-detection methods. The long-standing signature method used by many anti-malware companies has become inefficient against new and unknown malware. This paper presents an effective classification method that integrates static and dynamic features of a binary executable and classifies the data using machine learning algorithms. The method first gathers static features by inspecting the binary code of an executable, namely PE header information and printable strings. After executing the binary in a sandbox environment, it gathers dynamic features, i.e. API call logs. The integrated feature vector is then analyzed and classified using classification algorithms. In this work, we also compare the performance of four classifiers, i.e. SVM, Naïve Bayes, J48 and Random Forest. Based on the classification results, we deduce that Random Forest performs best with an accuracy of 97.2 %.
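The feature-extraction pipeline the abstract describes (PE header fields and printable strings as static features, API call counts from a sandbox log as dynamic features, merged into one vector) is illustrated below. This is an added example, not code from the paper or its authors: it parses a constructed minimal PE-like byte string (DOS header, PE signature, COFF file header, a few embedded strings), a constructed sandbox log in a hypothetical "timestamp API-name argument" line format, and uses a hypothetical fixed API vocabulary to turn call counts into fixed-position features. The classifier stage (the paper's SVM, Naïve Bayes, J48 and Random Forest) is not included; the returned vector is what such a classifier would be trained on.

```python
"""Static + dynamic feature extraction for a PE binary (illustrative, stdlib only)."""
import re
import struct
from collections import Counter

# Hypothetical fixed vocabulary so API call counts land in fixed vector positions.
API_VOCAB = ["CreateFileW", "WriteFile", "RegOpenKeyExW", "CreateRemoteThread", "VirtualAllocEx"]

# Constructed sandbox log (not real output): "<seconds> <API name> <first argument>".
SAMPLE_API_LOG = """\
0.001 CreateFileW C:\\Users\\victim\\AppData\\Local\\Temp\\x.tmp
0.002 WriteFile 0x1c4
0.005 RegOpenKeyExW HKCU\\Software\\Example
0.009 CreateFileW C:\\Windows\\System32\\drivers\\etc\\hosts
0.010 WriteFile 0x1c8
0.012 CreateRemoteThread 0x2a0
"""


def build_sample_pe():
    """Constructed minimal PE-like image: DOS header, PE signature, COFF header, body.
    It is not a valid executable; it only has the fields the parser below reads."""
    dos = bytearray(b"MZ" + b"\x00" * 62)          # 64-byte DOS header
    dos[60:64] = struct.pack("<I", 64)             # e_lfanew: PE signature at offset 64
    coff = struct.pack(
        "<HHIIIHH",
        0x014C,       # Machine: IMAGE_FILE_MACHINE_I386
        3,            # NumberOfSections
        0x5F000000,   # TimeDateStamp (constructed value)
        0, 0,         # PointerToSymbolTable, NumberOfSymbols
        224,          # SizeOfOptionalHeader (PE32)
        0x010F,       # Characteristics
    )
    body = (b"\x00\x01\x02kernel32.dll\x00CreateRemoteThread\x00ab\x00"
            b"http://example.invalid/\x00")
    return bytes(dos) + b"PE\x00\x00" + coff + body


def pe_header_features(data):
    """Static features from the DOS stub and COFF file header."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found at e_lfanew")
    machine, nsect, tstamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {"machine": machine, "num_sections": nsect, "timestamp": tstamp,
            "opt_header_size": opt_size, "characteristics": chars}


def printable_strings(data, min_len=4):
    """Static features: runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [s.decode("ascii") for s in re.findall(pattern, data)]


def api_call_features(log_text):
    """Dynamic features: how often each API name appears in the sandbox log."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) >= 2:
            counts[parts[1]] += 1
    return counts


def integrated_feature_vector(pe_bytes, api_log):
    """Merge header fields, string-derived counts and API counts into one numeric vector."""
    hdr = pe_header_features(pe_bytes)
    strs = printable_strings(pe_bytes)
    api = api_call_features(api_log)
    vec = [
        hdr["num_sections"],
        hdr["opt_header_size"],
        hdr["characteristics"],
        len(strs),                                                      # total strings
        sum(1 for s in strs if s.lower().endswith(".dll")),             # DLL-name strings
        sum(1 for s in strs if s.startswith(("http://", "https://"))),  # URL strings
    ]
    vec += [api.get(name, 0) for name in API_VOCAB]                     # one slot per API
    return vec


if __name__ == "__main__":
    print(integrated_feature_vector(build_sample_pe(), SAMPLE_API_LOG))
```

Each sample yields a vector of the same length regardless of how many strings or API calls it contains, which is what a classifier such as Random Forest needs; a real pipeline would add the optional header and section-table fields, hash or bag-of-words the strings, and extend the API vocabulary from the training corpus.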
CITATION STYLE
Awan, S., & Saqib, N. A. (2016). Detection of malicious executables using static and dynamic features of portable executable (PE) file. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10067 LNCS, pp. 48–58). Springer Verlag. https://doi.org/10.1007/978-3-319-49145-5_6