PE-Header-Based Malware Study and Detection

In this paper, the author present a simple and faster approach to distinguish between malware and legitimate .exe files by simply looking at properties of the MS Windows Portable Executable (PE) headers. They extract distinguishing features from the PEheaders using the structural information standardized by the Microsoft Windows operating system for executables. The author use the following three methodology: collect a large dataset of malware .exe and legitimate .exe from the two website, and by using a Web-Spider, use a PE-Header-Parser to extract the features of each header field, compare and find the most significant difference between malware and legitimate .exe files, use a Icon-Extractor to extract the icons from the PE, find the most prevalent icons from the malware .exe files.

Resource Details

Provided by:
University of Genova