Sciweavers

Share
RAID
2009
Springer

PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime

12 years 4 months ago
PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime
In this paper, we present an accurate and realtime PE-Miner framework that automatically extracts distinguishing features from portable executables (PE) to detect zero-day (i.e. previously unknown) malware. The distinguishing features are extracted using the structural information standardized by the Microsoft Windows operating system for executables, DLLs and object files. We follow a threefold research methodology: (1) identify a set of structural features for PE files which is computable in realtime, (2) use an efficient preprocessor for removing redundancy in the features’ set, and (3) select an efficient data mining algorithm for final classification between benign and malicious executables. We have evaluated PE-Miner on two malware collections, VX Heavens and Malfease datasets which contain about 11 and 5 thousand malicious PE files respectively. The results of our experiments show that PE-Miner achieves more than 99% detection rate with less than 0.5% false alarm rate for...
M. Zubair Shafiq, S. Momina Tabish, Fauzan Mirza,
Added 27 May 2010
Updated 27 May 2010
Type Conference
Year 2009
Where RAID
Authors M. Zubair Shafiq, S. Momina Tabish, Fauzan Mirza, Muddassar Farooq
Comments (0)
books