Artificial intelligence

Scientific journal

ISSN 2710-1673

ONLINE: ISSN 2710-1681


Machine Learning approach for malware detection using executable files features extraction

Voronov A.1, Harakhavik Y.2
1 United Institute of Informatics Problems of NAS of Belarus
2 Belarusian State University of Informatics and Radioelectronics BSUIR of Belarus

Full text (PDF)

UDC: 004.93
Publication Language: English
Stuc. intelekt. 2018; 23(3): 97-102

Abstract: Malicious software is generally an executable program that installs itself in the system, replicates by copying itself, and has a malicious effect. Modern antivirus systems detect malware by matching known patterns, so detecting a new virus is quite difficult. Many heuristic techniques are used for detecting unknown malware, but they usually consume a lot of system memory and CPU resources. This load can be overcome by training a machine learning model on features collected from Portable Executable (PE) files, which are used to identify unknown virus patterns. A technique for collecting these features from PE files is proposed in this paper.
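An added example (not code from the paper) of the kind of feature extraction the abstract describes: it walks the PE32 headers and section table with Python's struct module and emits a flat numeric feature vector, including per-section entropy and a count of writable-and-executable sections, two features that commonly separate packed samples from plainly compiled code. The image it parses is constructed in build_sample_pe as a header-only, non-loadable stub, not a real binary; field offsets follow the PE/COFF specification.

```python
import math
import struct
from collections import Counter

SCN_EXECUTE, SCN_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: near 8.0 for packed/encrypted data, lower for plain code."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def extract_pe_features(pe: bytes) -> dict:
    """Walk DOS -> PE signature -> COFF -> PE32 optional header -> section table; return a flat feature dict."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]                       # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", pe, pe_off + 4)
    opt = pe_off + 24                                                     # optional header start
    magic, _, _, size_of_code, _, _, entry = struct.unpack_from("<HBBIIII", pe, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 handled in this example")
    subsystem, dll_chars = struct.unpack_from("<HH", pe, opt + 68)       # Subsystem, DllCharacteristics
    feats = {"machine": machine, "num_sections": nsec, "characteristics": chars,
             "size_of_code": size_of_code, "entry_point": entry,
             "subsystem": subsystem, "dll_characteristics": dll_chars}
    ents, wx = [], 0
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i                                     # 40-byte section headers
        raw_size, raw_ptr, _, _, _, _, sec_chars = struct.unpack_from("<IIIIHHI", pe, hdr + 16)
        ents.append(entropy(pe[raw_ptr:raw_ptr + raw_size]))
        wx += bool(sec_chars & SCN_EXECUTE and sec_chars & SCN_WRITE)  # writable+executable: packer hint
    feats["max_section_entropy"] = max(ents, default=0.0)
    feats["mean_section_entropy"] = sum(ents) / len(ents) if ents else 0.0
    feats["wx_section_count"] = wx
    return feats

def build_sample_pe() -> bytes:
    """Constructed, non-loadable PE32 stub (optional header cut after DllCharacteristics) for the demo."""
    text, packed = bytes(range(16)) * 4, bytes(range(256))               # entropy 4.0 and 8.0 by construction
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                     # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 72, 0x0102)         # i386, 2 sections, 72-byte opt hdr
    opt = struct.pack("<HBBIIIIIII", 0x10B, 14, 0, len(text), 0, 0, 0x1000, 0x1000, 0x2000, 0x400000)
    opt += b"\0" * 36 + struct.pack("<HH", 2, 0x8140)                    # Subsystem=GUI, DllCharacteristics
    sec = lambda n, va, d, ptr, ch: struct.pack("<8sIIIIIIHHI", n, len(d), va, len(d), ptr, 0, 0, 0, 0, ch)
    secs = sec(b".text", 0x1000, text, 240, 0x60000020) + sec(b".upx0", 0x2000, packed, 304, 0xE0000040)
    return dos + b"PE\0\0" + coff + opt + secs + text + packed
```

The resulting dict is ready to be stacked into a training matrix; on real samples the optional header is 224 bytes for PE32 and the parser follows SizeOfOptionalHeader, so only the constructed stub is shortened.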
