PE-Header-Based Malware Study and Detection

In this paper, the authors present a simple and fast approach to distinguishing between malware and legitimate .exe files by looking only at properties of the MS Windows Portable Executable (PE) headers. They extract distinguishing features from the PE headers using the structural information standardized by the Microsoft Windows operating system for executables. The authors use the following three-step methodology: collect a large dataset of malware .exe and legitimate .exe files from the two websites www.downloads.com and www.softpedia.com using a Web-Spider; use a PE-Header-Parser to extract the features of each header field, then compare them and find the most significant differences between malware and legitimate .exe files; use an Icon-Extractor to extract the icons from the PE files and find the most prevalent icons among the malware .exe files.
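
The header-parsing step described above, as an added illustration that is not the paper's own PE-Header-Parser: it walks the DOS header, PE signature, COFF file header, optional header and section table of an image using the documented PE layout, and returns the raw field values plus a few derived boolean features. The derived features (entry point inside an executable section, count of sections that are both writable and executable, ASLR and NX flags) are illustrative choices of mine, not the fields the paper found most significant. The input is a constructed minimal PE32 image, not a real program, and `prevalence` is a hypothetical helper standing in for the paper's comparison step.

```python
import struct

COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
# PE32 optional header without data directories, 96 bytes
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100


def build_sample_pe(dll_characteristics: int = 0x8140) -> bytes:
    """Constructed minimal PE32 image (not a real program) with one .text section."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack(COFF_FMT, 0x014C, 1, 0x5F000000, 0, 0, 0xE0, 0x0102)
    opt = struct.pack(OPT32_FMT,
                      0x10B, 14, 0,                    # Magic (PE32), linker version
                      0x200, 0x200, 0,                 # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x1000, 0x1000, 0x2000,          # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,         # ImageBase, SectionAlignment, FileAlignment
                      6, 0, 0, 0, 6, 0,                # OS / image / subsystem versions
                      0, 0x3000, 0x200, 0,             # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, dll_characteristics,          # Subsystem (WINDOWS_GUI), DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000,  # stack / heap reserve and commit
                      0, 16)                           # LoaderFlags, NumberOfRvaAndSizes
    opt += b"\x00" * (16 * 8)                          # 16 empty data directories
    text = struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)         # CODE | EXECUTE | READ
    return dos + b"PE\0\0" + coff + opt + text


def parse_pe_features(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsect, timestamp, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]
    if magic == 0x20B:   # PE32+: 64-bit ImageBase replaces BaseOfData + ImageBase
        image_base = struct.unpack_from("<Q", data, opt_off + 24)[0]
    else:
        image_base = struct.unpack_from("<I", data, opt_off + 28)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt_off + 68)
    sections = []
    for i in range(nsect):
        f = struct.unpack_from(SECTION_FMT, data, opt_off + opt_size + i * 40)
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"),
                         "virtual_size": f[1], "virtual_address": f[2],
                         "raw_size": f[3], "characteristics": f[9]})
    # Derived features: illustrative choices here, not the paper's selected fields.
    entry_sect = next((s for s in sections
                       if s["virtual_address"] <= entry
                       < s["virtual_address"] + max(s["virtual_size"], 1)), None)
    return {
        "machine": machine, "number_of_sections": nsect, "timestamp": timestamp,
        "file_characteristics": chars, "magic": magic, "entry_point": entry,
        "image_base": image_base, "subsystem": subsystem, "sections": sections,
        "entry_in_executable_section": bool(entry_sect and
                                            entry_sect["characteristics"] & IMAGE_SCN_MEM_EXECUTE),
        "rwx_sections": sum(1 for s in sections
                            if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE
                            and s["characteristics"] & IMAGE_SCN_MEM_WRITE),
        "aslr_enabled": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def prevalence(group: list, key: str) -> float:
    """Fraction of samples in a group whose boolean feature `key` is set (hypothetical helper)."""
    return sum(1 for f in group if f[key]) / len(group) if group else 0.0


if __name__ == "__main__":
    # Two constructed groups: one image with ASLR/NX flags set, one with none.
    group_a = [parse_pe_features(build_sample_pe())]
    group_b = [parse_pe_features(build_sample_pe(dll_characteristics=0))]
    for key in ("aslr_enabled", "nx_compat", "entry_in_executable_section"):
        print(f"{key}: A={prevalence(group_a, key):.2f} B={prevalence(group_b, key):.2f}")
```

With a real corpus, each group would hold the parsed features of many files, and the same per-field comparison (prevalence for flags, distributions for numeric fields such as section count or entry point) is what surfaces the header properties that separate the two classes.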

Resource Details

Provided by: University of Genova
Topic: Security
Format: PDF