RAID
2009
Springer

PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime

In this paper, we present an accurate and realtime PE-Miner framework that automatically extracts distinguishing features from portable executables (PE) to detect zero-day (i.e., previously unknown) malware. The distinguishing features are extracted from the structural information standardized by the Microsoft Windows operating system for executables, DLLs and object files. We follow a threefold research methodology: (1) identify a set of structural features for PE files that is computable in realtime, (2) use an efficient preprocessor to remove redundancy from the feature set, and (3) select an efficient data mining algorithm for the final classification between benign and malicious executables. We have evaluated PE-Miner on two malware collections, the VX Heavens and Malfease datasets, which contain about 11 thousand and 5 thousand malicious PE files respectively. The results of our experiments show that PE-Miner achieves more than 99% detection rate with less than 0.5% false alarm rate for...
Added 27 May 2010
Updated 27 May 2010
Type Conference
Year 2009
Where RAID
Authors M. Zubair Shafiq, S. Momina Tabish, Fauzan Mirza, Muddassar Farooq