Static analysis of PE files using neural network techniques for a pocket tool / Fonseca A, F. H.; Ferracci, S.; Palmaro, F.; Iocchi, L.; Nardi, D.; Franchina, L.. - (2021), pp. 01-06. (Paper presented at the 2021 IEEE International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2021, held in Flic en Flac; Mauritius) [10.1109/ICECCME52200.2021.9590958].
Static analysis of PE files using neural network techniques for a pocket tool
Ferracci S.; Iocchi L.; Nardi D.
2021
Abstract
The continuous growth in the number of malware instances has posed a serious challenge to the security of computer systems; hence, malware detection is a key factor in securing various devices, from personal devices to large servers. Static analysis allows for the extraction of multiple file characteristics belonging to different categories of information without incurring the overhead of dynamic analysis and the risks associated with it. In this paper, we present a methodology to classify Portable Executable (PE) files as malware or non-malware by exploiting the technology of neural networks, adapting it to the collected data to obtain better results. The aim of our methodology is to create a pocket tool, i.e., a tool that can be used even on devices with limited available resources. Hence our tests were conducted entirely using a personal computer with only 16 GB of RAM. After a careful analysis of the techniques at our disposal and a selection of the most relevant information, we reduced the amount of resources used, both in terms of time and space, while maintaining a high accuracy of 93%.

File | Size | Format | |
---|---|---|---|
Fonseca_Static_Analysis_2021.pdf (archive managers only; Type: Publisher's version (published version with the publisher's layout); License: All rights reserved) | 1.66 MB | Adobe PDF | Contact the author |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.