Conference papers

A Real-Time PE-Malware Detection System Based on CHI-Square Test and PE-File Features

Abstract : Constructing an efficient malware detection system requires taking into consideration two important aspects: accuracy and detection time. However, finding an appropriate balance between these two characteristics remains a very challenging problem. In this paper, we present a real-time PE (Portable Executable) malware detection system, which is based on the analysis of the information stored in the PE-Optional Header fields (PEF). Our system uses a combination of the Chi-square (KHI2) score and the Phi (ϕ) coefficient as its feature selection method. We evaluated our system using the Rotation Forest classifier implemented in WEKA and reached an accuracy of more than 97%. Our system is able to categorize a file in 0.077 seconds, which makes it adequate for real-time detection of malware.

Cited literature [14 references]

Contributor : Hal Ifip
Submitted on : Friday, May 11, 2018 - 3:10:08 PM
Last modification on : Thursday, January 20, 2022 - 11:42:04 AM
Long-term archiving on : Tuesday, September 25, 2018 - 7:52:32 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Mohamed Belaoued, Smaine Mazouzi. A Real-Time PE-Malware Detection System Based on CHI-Square Test and PE-File Features. 5th International Conference on Computer Science and Its Applications (CIIA), May 2015, Saida, Algeria. pp.416-425, ⟨10.1007/978-3-319-19578-0_34⟩. ⟨hal-01789936⟩


