C4.5: programs for machine learning
Malware: Fighting Malicious Code
The Art of Computer Virus Research and Defense
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
A heuristic approach for detection of obfuscated malware
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
MalPEFinder: fast and retrospective assessment of data breaches in malware attacks
Security and Communication Networks
While conventional malware detection approaches increasingly fail, modern heuristic strategies often operate dynamically, which is not feasible in many applications because of the effort involved and the quantity of files. Based on existing work from [1] and [2], we analyse an approach to statistical malware detection of PE executables. One benefit is its simplicity (evaluating 23 static features with moderate resource constraints), so it might support application to large numbers of files, e.g. for network operators or a posteriori analyses in archival systems. After identifying promising features and their typical values, a custom hypothesis-based classification model and a statistical classification approach using the WEKA machine learning tool [3] are generated and evaluated. The results of large-scale classifications are compared, showing that the custom, hypothesis-based approach performs better on the chosen setup than the general-purpose statistical algorithms. In conclusion, malicious samples often have special characteristics, so existing malware scanners can effectively be supported.