Authors :
Shruti Gujar; Saurabh Patil
Volume/Issue :
Volume 9 - 2024, Issue 3 - March
Google Scholar :
https://tinyurl.com/y56kp98c
Scribd :
https://tinyurl.com/5ypysjwb
DOI :
https://doi.org/10.38124/ijisrt/IJISRT24MAR615
Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.
Abstract :
Malware is a file or piece of code, usually delivered over a network, that infects a system or carries out whatever behaviour the attacker intends. It is one of the most serious threats facing anyone who depends on computers and information technology. Traditional signature-based detection is not always adequate. That approach relies on a unique signature, or digital footprint, taken from software running on the protected system: antivirus programs scan a program, derive its signature and compare it against the signatures of known malware. The signature is not always known in advance, however, so the method has serious limitations: it cannot recognise new patterns or indicators of threats that have not been seen before. As a result, security professionals usually combine it with tools that provide context about behaviour on their network. The PE (Portable Executable) format is the file layout used by .exe and .dll files and other Windows machine-code images, and the PE headers contain information that can help distinguish malicious files from legitimate ones. This method helps to uncover hidden patterns and to establish new techniques for recognising files. Samples from the VirusShare collection, which perform malicious activity and are malware by nature, can also be used for training and recognised with the PE-header-based method. It is possible to identify malware by looking at a few key header fields such as the checksum, section names, size of initialized data, DLL characteristics and major image version. Inspecting the PE header is much faster than scanning the entire PE file, so files can be classified at a higher rate. In this paper we examine the attributes available in PE headers, analyse their trends and classify given executable files as malicious or legitimate on the basis of their PE headers using advanced machine learning algorithms.
Keywords :
Machine Learning, PE Headers, Classification, Malware Detection, PE Header Table.
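As an added illustration (example code written for this page, not code from the paper), the following Python reads the header fields the abstract names, namely the checksum, section names, size of initialized data, DLL characteristics and major image version, directly from the raw PE layout without touching section contents, and recomputes the optional-header checksum so a zero or mismatched value can be used as a feature. The constructed headers-only sample image, the list of "common" section names and the treatment of a bad checksum or an unusual section name as a suspicious feature are assumptions of this example, not results from the paper.

```python
"""Header-only PE feature extraction (added example; no section content is read)."""
import struct

# DllCharacteristics bits, values from the PE/COFF specification.
DLL_FLAGS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH",
    0x0800: "NO_BIND", 0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
# Illustrative (assumed) list of compiler-emitted section names; packers such as
# UPX use names outside it, which is why section names carry signal.
COMMON_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                   ".rsrc", ".reloc", ".tls", ".pdata", ".CRT"}


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Recompute the optional-header CheckSum as CheckSumMappedFile does:
    fold every dword except the CheckSum field with end-around carry,
    fold to 16 bits, then add the file length."""
    padded = bytes(data) + b"\0" * (-len(data) % 4)
    skip = checksum_offset - checksum_offset % 4
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def extract_features(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header ->
    section table and return the header fields named in the abstract."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    _machine, nsects, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                           # PE32 / PE32+
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    # These offsets are the same for PE32 and PE32+ (the layouts only diverge
    # at ImageBase and at the stack/heap fields after DllCharacteristics).
    size_init = struct.unpack_from("<I", data, opt + 8)[0]
    major_image = struct.unpack_from("<H", data, opt + 44)[0]
    checksum = struct.unpack_from("<I", data, opt + 64)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    names = []
    for i in range(nsects):                                    # 40-byte section headers
        s = opt + opt_size + 40 * i
        names.append(data[s:s + 8].rstrip(b"\0").decode("ascii", "replace"))
    return {
        "pe32plus": magic == 0x20B,
        "checksum": checksum,
        # A zero or mismatched CheckSum is a heuristic feature, not proof of malice.
        "checksum_valid": checksum != 0 and checksum == pe_checksum(data, opt + 64),
        "size_of_initialized_data": size_init,
        "major_image_version": major_image,
        "dll_characteristics": dll_chars,
        "dll_flags": sorted(n for bit, n in DLL_FLAGS.items() if dll_chars & bit),
        "section_names": names,
        "nonstandard_sections": [n for n in names if n not in COMMON_SECTIONS],
    }


def build_sample(dll_chars: int, section_names, fix_checksum: bool = True) -> bytes:
    """Constructed, non-runnable PE32 image (headers only) used as sample input."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = struct.pack(
        "<HBB9I6H4I2H4I2I",
        0x10B, 14, 0,                                    # magic, linker version
        0x200, 0x400, 0, 0x1000, 0x1000, 0x2000,         # code/init/uninit sizes, entry, bases
        0x400000, 0x1000, 0x200,                         # ImageBase, section/file alignment
        6, 0, 1, 0, 6, 0,                                # OS, image (major=1), subsystem versions
        0, 0x3000, 0x200, 0,                             # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
        2, dll_chars,                                    # Subsystem=GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000,              # stack/heap reserve and commit
        0, 16,                                           # LoaderFlags, NumberOfRvaAndSizes
    ) + b"\0" * 128                                      # 16 empty data directories
    sects = b"".join(
        name.encode().ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0x200, 0x200 * (i + 1), 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    img = bytearray((dos + b"PE\0\0" + coff + opt + sects).ljust(0x200, b"\0"))
    cs_off = pe_off + 4 + 20 + 64
    if fix_checksum:
        struct.pack_into("<I", img, cs_off, pe_checksum(bytes(img), cs_off))
    return bytes(img)


if __name__ == "__main__":
    print(extract_features(build_sample(0x8140, [".text", ".data"])))
    print(extract_features(build_sample(0, ["UPX0", "UPX1", ".rsrc"], fix_checksum=False)))
```

Run over a labelled corpus, the returned dictionary is the per-file feature row a classifier would consume; in practice a library such as pefile gives the same fields, but reading them by offset makes clear how little of the file the header-based approach needs to touch.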