Construction and evaluation of the new heuristic malware detection mechanism based on executable files static analysis

  • Original Paper
  • Journal of Computer Virology and Hacking Techniques

Abstract

The paper justifies the use of a new set of features, collected during static analysis of executable files, for the detection of malicious code. The study addressed the following problems: building a classifier of executable files in the absence of a priori data about their functionality; constructing class models of uninfected files and malware during training; and developing a malicious-code detection procedure, based on neural networks and on a composition of decision trees, over the feature set derived from static analysis of executable files. The paper reports an experimental evaluation of the resulting detection mechanism: accuracy was 0.99125 with the neural network and 0.99240 with the decision-tree composition. The results confirm the hypothesis that a heuristic malware analyzer can be built from features selected during static analysis of executable files.
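The abstract does not list the paper's feature set, so as an added illustration of the static-analysis stage it describes (not code from the paper), the following parses PE headers with the Python standard library and derives a few header-level heuristics (section count, per-section entropy, writable+executable sections, entry-point placement) from a constructed sample image:

```python
import math
import struct
from collections import Counter

WX = 0x20000000 | 0x80000000  # IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed or encrypted sections sit near 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_static_features(blob: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional -> section headers."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", blob, 0x3C)[0]  # e_lfanew
    if blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, pe + 4)
    opt = pe + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    entry = struct.unpack_from("<I", blob, opt + 16)[0] if opt_size >= 20 else 0
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr, *_, flags = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "entropy": round(shannon_entropy(blob[rptr:rptr + rsize]), 3),
            "wx": (flags & WX) == WX,  # writable and executable at once
            "has_entry": vaddr <= entry < vaddr + max(vsize, rsize),
        })
    return {
        "machine": machine, "num_sections": nsec, "entry_point": entry,
        "max_section_entropy": max((s["entropy"] for s in sections), default=0.0),
        "any_wx_section": any(s["wx"] for s in sections),
        "entry_in_section": any(s["has_entry"] for s in sections),
        "sections": sections,
    }

def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (not a real program): low-entropy .text plus a W+X, high-entropy .pack holding the entry point."""
    opt_size, hdr_end = 0xE0, 64 + 4 + 20 + 0xE0 + 40 * 2
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", 0x2010) + b"\0" * (opt_size - 20)
    sec = lambda n, va, ptr, fl: struct.pack("<8sIIIIIIHHI", n, 512, va, 512, ptr, 0, 0, 0, 0, fl)
    return (dos + b"PE\0\0" + coff + opt
            + sec(b".text", 0x1000, hdr_end, 0x60000020)
            + sec(b".pack", 0x2000, hdr_end + 512, 0xE0000020)
            + b"\x90" * 512 + bytes(range(256)) * 2)
```

Such per-file feature vectors are what a classifier of the kind the paper evaluates would be trained on; the constructed sample deliberately shows the high-entropy, writable-executable section layout that packed files tend to exhibit.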



Corresponding author

Correspondence to A. V. Kozachok.


Cite this article

Kozachok, A.V., Kozachok, V.I. Construction and evaluation of the new heuristic malware detection mechanism based on executable files static analysis. J Comput Virol Hack Tech 14, 225–231 (2018). https://doi.org/10.1007/s11416-017-0309-3
