Statistical Detection of Malicious PE-Executables for Fast Offline Analysis

Abstract: While conventional malware detection approaches increasingly fail, modern heuristic strategies often work dynamically, which is not feasible in many applications because of the effort involved and the number of files. Based on existing work from [1] and [2], we analyse an approach to statistical malware detection of PE executables. One benefit is its simplicity (evaluating 23 static features with moderate resource constraints), so it can support application to large numbers of files, e.g. for network operators or a posteriori analyses in archival systems. After identifying promising features and their typical values, a custom hypothesis-based classification model and a statistical classification approach using the WEKA machine learning tool [3] are generated and evaluated. The results of large-scale classifications are compared, showing that the custom, hypothesis-based approach performs better on the chosen setup than the general-purpose statistical algorithms. In conclusion, malicious samples often have special characteristics, so existing malware scanners can be effectively supported.
Document type: Conference paper
Bart Decker; Ingrid Schaumüller-Bichl. 11th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security (CMS), May 2010, Linz, Austria. Springer, Lecture Notes in Computer Science, LNCS-6109, pp.93-105, 2010, Communications and Multimedia Security. 〈10.1007/978-3-642-13241-4_10〉
Cited literature [8 references]

https://hal.inria.fr/hal-01056387
Contributor: Hal Ifip <>
Submitted on: Monday 18 August 2014 - 17:58:25
Last modified on: Friday 23 February 2018 - 10:42:09
Document(s) archived on: Thursday 27 November 2014 - 05:33:29

File

cms2010_submission_37.pdf
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Ronny Merkel, Tobias Hoppe, Christian Kraetzer, Jana Dittmann. Statistical Detection of Malicious PE-Executables for Fast Offline Analysis. Bart Decker; Ingrid Schaumüller-Bichl. 11th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security (CMS), May 2010, Linz, Austria. Springer, Lecture Notes in Computer Science, LNCS-6109, pp.93-105, 2010, Communications and Multimedia Security. 〈10.1007/978-3-642-13241-4_10〉. 〈hal-01056387〉
