Malware Detection Based on Multiple PE Headers Identification and Optimization for Specific Types of Files

This paper follows our previous research, in which we ran a basic experiment to find out whether malware can be detected by identifying multiple PE headers in a single file. The previous results showed that a considerable number of malware samples attach themselves to another file. This paper summarizes and updates our previous results and expands them by adding an optimization method and by including a scan of other (specific) types of data.
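The detection idea in the abstract rests on a property of the PE format: a well-formed executable starts with a DOS header (`MZ`) whose `e_lfanew` field at offset 0x3C points at the `PE\0\0` signature, so a file that carries a second valid DOS/PE pair somewhere in its body is a candidate for a file infector that has attached itself to a host. The scanner below is an added example written for this page; it is not the paper's own tool, and the way the paper validates headers or sets its thresholds is not described here. The sample buffers are constructed in the code, and the `build_minimal_pe` helper is a hypothetical stand-in for real executables.

```python
import struct

MZ_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
DOS_HEADER_SIZE = 0x40       # IMAGE_DOS_HEADER is 64 bytes
E_LFANEW_OFFSET = 0x3C       # offset of e_lfanew inside the DOS header


def is_pe_header_at(data: bytes, offset: int) -> bool:
    """True if a DOS header at `offset` points to a PE signature inside the buffer.

    A bare 'MZ' is not enough: the two bytes occur in ordinary text and data,
    so we require the full DOS header to be present and e_lfanew to land on
    'PE\\0\\0' within the file. This keeps stray 'MZ' strings from counting.
    """
    if data[offset:offset + 2] != MZ_MAGIC:
        return False
    if offset + DOS_HEADER_SIZE > len(data):
        return False                      # truncated DOS header
    e_lfanew = struct.unpack_from("<I", data, offset + E_LFANEW_OFFSET)[0]
    pe_off = offset + e_lfanew
    # e_lfanew is relative to the DOS header; it cannot point inside that
    # header and the signature must fit inside the buffer.
    if e_lfanew < DOS_HEADER_SIZE or pe_off + len(PE_SIGNATURE) > len(data):
        return False
    return data[pe_off:pe_off + len(PE_SIGNATURE)] == PE_SIGNATURE


def find_pe_headers(data: bytes) -> list[int]:
    """Return the offset of every validated DOS/PE header pair in the buffer."""
    hits = []
    start = 0
    while True:
        idx = data.find(MZ_MAGIC, start)
        if idx == -1:
            break
        if is_pe_header_at(data, idx):
            hits.append(idx)
        start = idx + 1                   # keep scanning past this candidate
    return hits


def has_multiple_pe_headers(data: bytes) -> bool:
    """Triage signal: more than one valid PE header in one file."""
    return len(find_pe_headers(data)) > 1


def build_minimal_pe(payload_len: int = 16, e_lfanew: int = DOS_HEADER_SIZE) -> bytes:
    """Constructed test fixture (hypothetical, not a loadable executable):
    a 64-byte DOS header with e_lfanew set, then 'PE\\0\\0', then filler."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[0:2] = MZ_MAGIC
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, e_lfanew)
    return bytes(dos) + b"\0" * (e_lfanew - DOS_HEADER_SIZE) + PE_SIGNATURE + b"\0" * payload_len


def scan_file(path: str) -> list[int]:
    """Convenience wrapper for scanning a file on disk."""
    with open(path, "rb") as fh:
        return find_pe_headers(fh.read())


if __name__ == "__main__":
    clean = build_minimal_pe()                   # constructed single-header sample
    infected = clean + build_minimal_pe()        # constructed host + appended PE
    decoy = clean + b"MZ is just text here"      # stray 'MZ' that is not a header
    for name, blob in [("clean", clean), ("infected", infected), ("decoy", decoy)]:
        print(name, find_pe_headers(blob), "flag" if has_multiple_pe_headers(blob) else "ok")
```

Two points matter when running this over real data. First, the validation step (full DOS header present, `e_lfanew` inside the file, signature found) is what separates a header count from a count of `MZ` byte pairs; without it, text and compressed sections generate noise. Second, a second header is a triage signal rather than a verdict: installers, self-extracting archives and programs that carry an executable as a resource legitimately contain more than one PE header, which is why per-file-type tuning of the kind the abstract calls optimization is needed before the count can drive an alert.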
