A Real-Time PE-Malware Detection System Based on CHI-Square Test and PE-File Features

Abstract : Constructing an efficient malware detection system requires taking into consideration two important aspects: accuracy and detection time. However, finding an appropriate balance between these two characteristics remains a very challenging problem. In this paper, we present a real-time PE (Portable Executable) malware detection system based on the analysis of the information stored in the PE-Optional Header fields (PEF). Our system uses a combination of the Chi-square (KHI2) score and the Phi (ϕ) coefficient as its feature selection method. We evaluated our system using the Rotation Forest classifier implemented in WEKA and reached an accuracy of more than 97%. Our system is able to categorize a file in 0.077 seconds, which makes it adequate for real-time detection of malware.
Document type :
Conference papers

Cited literature [14 references]

https://hal.inria.fr/hal-01789936
Contributor : Hal Ifip
Submitted on : Friday, May 11, 2018 - 3:10:08 PM
Last modification on : Friday, May 11, 2018 - 3:13:38 PM
Long-term archiving on : Tuesday, September 25, 2018 - 7:52:32 AM

File

339159_1_En_34_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Mohamed Belaoued, Smaine Mazouzi. A Real-Time PE-Malware Detection System Based on CHI-Square Test and PE-File Features. 5th International Conference on Computer Science and Its Applications (CIIA), May 2015, Saida, Algeria. pp.416-425, ⟨10.1007/978-3-319-19578-0_34⟩. ⟨hal-01789936⟩
