Investigation of Malicious Portable Executable File Detection on the Network using Supervised Learning Techniques

Date
2017-05
Language
English
Found At
IEEE
Abstract

Malware continues to be a critical concern for everyone from home users to enterprises. Today, most devices are connected through networks to the Internet, so malicious code can spread easily and rapidly. The objective of this paper is to examine how malicious portable executable (PE) files can be detected on the network by utilizing machine learning algorithms. The efficiency and effectiveness of network detection rely on the number of features and the learning algorithms. In this work, we examined 28 features extracted from metadata, packing, imported DLLs and functions of four different types of PE files for malware detection. The results showed that the proposed system can achieve a 98.7% detection rate and a 1.8% false positive rate, with an average scanning speed of 0.5 seconds per file in our testing environment.

Cite As
Vyas, R., Luo, X., McFarland, N., & Justice, C. (2017). Investigation of malicious portable executable file detection on the network using supervised learning techniques. In 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM) (pp. 941–946). https://doi.org/10.23919/INM.2017.7987416
Journal
2017 IFIP/IEEE Symposium on Integrated Network and Service Management
Type
Article
Version
Author's manuscript