2020
DOI: 10.1109/access.2020.2978335

Exploring Function Call Graph Vectorization and File Statistical Features in Malicious PE File Classification

Abstract: Over the last few years, the malware propagation on PC platforms, especially on Windows OS has been even severe. For the purpose of resisting a large scale of malware variants, machine learning (ML) classifiers for malicious Portable Executable (PE) files have been proposed to achieve automated classification. Recently, function call graph (FCG) vectorization (FCGV) representation was explored as the input feature to achieve higher ML classification accuracy, but FCGV representation loses some critical feature…

Cited by 12 publications (4 citation statements)
References 27 publications
“…The methodology (see Fig. 5) describes a technique for detecting ransomware using Cuckoo Sandbox [31], feature extraction from Portable Executable (PE) files [32], and YARA rules [33]. By analysing the characteristics and patterns of PE files, it is possible to identify potential ransomware threats and lessen their impact.…”
Section: Methods (mentioning)
confidence: 99%
“…The methodology (see Fig. 5) describes a technique for detecting ransomware using Cuckoo Sandbox [31], feature extraction from Portable Executable (PE) files [32], and YARA rules [33]. By analysing the characteristics and patterns of PE files, it is possible to identify potential ransomware threats and lessen their impact.…”
Section: Methods (mentioning)
confidence: 99%
“…The next type of graph-based feature is the Function Call Graph (FCG). The FCG is also a directed graph constructed from programs where the vertices specify the functions and the edges define the caller-callee relationship between functions [39]. In the paper [11], there is another type of graph-based feature: the opcode sequence graph.…”
Section: Static Analysis (mentioning)
confidence: 99%
“…Zhang et al. (2020) explored function call graph vectorization representation (FCGV) as the input feature to machine learning algorithms for classification and noted that this representation loses some critical features of PE files due to the hash technique being used. They improved the classification accuracy of the FCGV-based machine learning model by applying both graph and non-graph features and achieved a maximum accuracy of 99.5% with non-graph, i.e., statistical features.…”
Section: Literature Review (mentioning)
confidence: 99%