Loading...
Please wait, while we are loading the content...
Similar Documents
PE-Header-Based Malware Study and Detection
| Content Provider | Semantic Scholar |
|---|---|
| Author | Liao, Yibin |
| Copyright Year | 2012 |
| Abstract | In this paper, I present a simple and faster apporach to distinguish between malware and legitimate .exe files by simply looking at properties of the MS Windows Portable Executable (PE) headers. We extract distinguishing features from the PEheaders using the structural information standardized by the Miscrosoft Windows operating system for executables. I use the following three methodology: (1) collect a large dataset of malware .exe and legitimate .exe from the two website, www.downloads.com and www.softpedia.com by using a WebSpider, (2) use a PE-Header-Parser to extract the features of each header field, compare and find the most significant difference between malware and legitimate .exe files, (3) use a Icon-Extractor to extract the icons from the PE, find the most prevalent icons from the malware .exe files. I have evaluated our apporach on a large dataset which contains 5598 malware samples and 1237 legitimate samples respectively. The result of our experiments show that the PEHeader-Based approach achieves more than 99% detection rate with less than 0.2% false positive for distinguishing between benign and malicious executables in less than 20 minutes. We have also found 3 most prevalent icons from malware that are seldom seen in legitimate PE files, and 8 types of misleading icons from malware. My results show that it is possible to identify the malware by simply looking at some key features from PE headers. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://cobweb.cs.uga.edu/~liao/PE_Final_Report.pdf |
| Alternate Webpage(s) | http://cobweb.cs.uga.edu/~liao/PE_Presentation.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |
