2009
DOI: 10.1007/978-3-642-04342-0_7

PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime

Abstract: In this paper, we present an accurate and realtime PE-Miner framework that automatically extracts distinguishing features from portable executables (PE) to detect zero-day (i.e., previously unknown) malware. The distinguishing features are extracted using the structural information standardized by the Microsoft Windows operating system for executables, DLLs and object files. We follow a threefold research methodology: (1) identify a set of structural features for PE files which is computable in realti…
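The abstract's central idea is that the PE header layout Windows standardizes (DOS header, NT headers, section table) can be parsed statically and cheaply, and that header-derived values make usable classifier inputs. The following Python is an added illustration of that pipeline, not the authors' PE-Miner code: the parser walks the DOS header to the NT headers and section table, and `extract_features` turns them into a numeric vector. The particular feature set (section count, write+execute sections, zero-raw-size sections, entry-point placement, maximum section entropy, populated data directories, DllCharacteristics) is an assumed, illustrative choice, not the paper's feature list. The two sample images are constructed in memory by `build_sample_pe` so the example runs offline; they are not real programs.

```python
"""Header-only structural features from a PE file (added example, not PE-Miner code).
Feature set is illustrative; sample images are constructed test data, not real binaries."""
import math
import struct
from collections import Counter

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes, little-endian


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for packed/encrypted content, low for plain code."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Walk DOS header -> NT headers -> section table. Nothing is executed."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", blob, opt)
    (entry_rva,) = struct.unpack_from("<I", blob, opt + 16)   # AddressOfEntryPoint (PE32 and PE32+)
    (dll_chars,) = struct.unpack_from("<H", blob, opt + 70)   # DllCharacteristics
    nrva_off = opt + (108 if magic == 0x20B else 92)          # NumberOfRvaAndSizes
    (n_dirs,) = struct.unpack_from("<I", blob, nrva_off)
    dirs = [struct.unpack_from("<II", blob, nrva_off + 4 + 8 * i) for i in range(n_dirs)]
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_HDR, blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "vsize": vsize,
                         "vaddr": vaddr, "rsize": rsize, "flags": flags,
                         "raw": blob[rptr:rptr + rsize]})
    return {"entry_rva": entry_rva, "dll_characteristics": dll_chars,
            "data_dirs": dirs, "sections": sections}


FEATURE_ORDER = ["num_sections", "num_wx_sections", "num_zero_raw_sections",
                 "entry_in_exec_section", "entry_section_is_text",
                 "max_section_entropy", "num_data_dirs_used", "dll_characteristics"]


def extract_features(blob: bytes) -> dict:
    """Illustrative header-only features; a classifier would consume the vector, not the file."""
    pe = parse_pe(blob)
    secs = pe["sections"]
    entry = next((s for s in secs if s["vaddr"] <= pe["entry_rva"]
                  < s["vaddr"] + max(s["vsize"], s["rsize"], 1)), None)
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return {
        "num_sections": len(secs),
        "num_wx_sections": sum(1 for s in secs if s["flags"] & wx == wx),
        "num_zero_raw_sections": sum(1 for s in secs if s["rsize"] == 0 and s["vsize"] > 0),
        "entry_in_exec_section": int(entry is not None and bool(entry["flags"] & IMAGE_SCN_MEM_EXECUTE)),
        "entry_section_is_text": int(entry is not None and entry["name"] == ".text"),
        "max_section_entropy": max((shannon_entropy(s["raw"]) for s in secs), default=0.0),
        "num_data_dirs_used": sum(1 for rva, size in pe["data_dirs"] if rva and size),
        "dll_characteristics": pe["dll_characteristics"],
    }


def feature_vector(blob: bytes) -> list:
    """Fixed-order numeric vector, the shape a classifier would train on."""
    f = extract_features(blob)
    return [float(f[k]) for k in FEATURE_ORDER]


def build_sample_pe(sections, entry_index=0) -> bytes:
    """Construct a minimal PE32 image (constructed test data, not a real program).
    sections: list of (name, raw_bytes, characteristics, virtual_size_or_None)."""
    file_align, sect_align = 0x200, 0x1000
    n = len(sections)
    size_of_headers = -(-(0x40 + 4 + 20 + 224 + 40 * n) // file_align) * file_align
    hdrs, raw, rptr, vaddr, entry = b"", b"", size_of_headers, sect_align, 0
    for i, (name, data, flags, vsize) in enumerate(sections):
        vsize = len(data) if vsize is None else vsize
        rsize = -(-len(data) // file_align) * file_align
        if i == entry_index:
            entry = vaddr
        hdrs += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), vsize, vaddr,
                            rsize, rptr, 0, 0, 0, 0, flags)
        raw += data.ljust(rsize, b"\0")
        rptr += rsize
        vaddr += -(-max(vsize, 1) // sect_align) * sect_align
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, 0, 0, 0, entry)           # Magic .. EntryPoint
    opt += struct.pack("<IIIII", 0, 0, 0x400000, sect_align, file_align)  # .. FileAlignment
    opt += struct.pack("<HHHHHHIIII", 6, 0, 0, 0, 6, 0, 0, vaddr, size_of_headers, 0)
    opt += struct.pack("<HHIIIIII", 3, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                                    # 16 empty data directories
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, len(opt), 0x0102)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(size_of_headers, b"\0") + raw


# Constructed samples: a plain layout, and a packer-like layout with an empty
# writable+executable section filled at run time plus a high-entropy payload section.
SAMPLE_PLAIN = build_sample_pe([
    (".text", b"\x90" * 100 + b"\xc3", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, None),
    (".data", b"hello, world\0", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, None),
])
SAMPLE_PACKED = build_sample_pe([
    ("UPX0", b"", IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, 0x10000),
    ("UPX1", bytes(range(256)) * 2,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, None),
], entry_index=1)

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("packer-like", SAMPLE_PACKED)):
        print(label, extract_features(blob))
```

Two practical caveats. Header parsing stays cheap even when the payload is packed, which is why header-based features can be computed on a packed executable at all; but a high-entropy section or a zero-raw-size section is a packer signature, not a malware verdict, since legitimate software is packed too. And every offset above must be bounds-checked against the file length before this is pointed at untrusted samples; `struct.unpack_from` raises on a truncated buffer, which is acceptable for a demonstration but should become an explicit parse error in a scanner.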

Cited by 164 publications (94 citation statements)
References 8 publications

Citation statements:
“…We found some insights from our review which are as follows: First we observed that systems using opcode and PE features adhere to low FPR and high accuracy i.e. above 95% with some fluctuations [11,14,17,18]. They were unable to cope with packed executables, while disassembly of executables is not always feasible.…”
Section: Performance Evaluation (mentioning, confidence 83%)
“…PE-miner approach in [17] was robust and reliable against packed executables in real time with low processing overheads. Behavioral features API call and system call tracing is effective on zero day malwares while they increase the FPR which can undermine the efficacy of the system.…”
Section: Performance Evaluation (mentioning, confidence 99%)
“…Bilar [6] proposed using mnemonics of assembly instructions from file content as a predictor for malware. Statistical machine learning and data science methods [9] have been increasingly used for malware detection, including approaches based on support vector machines, logistic regression, Naïve Bayes, neural networks, deep learning, wavelet transforms, decision trees and k-nearest neighbors [4,8,13,16,29-32,37].…”
Section: Related Work (mentioning, confidence 99%)
“…Effective statistical learning approaches can automatically find root patterns behind execution of a malicious file to build a model that can accurately and quickly classify new malware [3,4,29-32,35]. We propose a new approach for malware detection from Microsoft portable executable (PE) files [26] using an advanced time series classification approach, which can pick up local discriminative features from data.…”
Section: Introduction (mentioning, confidence 99%)