DSpace Repository

Detection of malicious portable executable files using static features

dc.contributor.author Abrar Ahmed, 01-247172-031
dc.date.accessioned 2020-12-25T00:32:43Z
dc.date.available 2020-12-25T00:32:43Z
dc.date.issued 2019
dc.identifier.uri http://hdl.handle.net/123456789/10587
dc.description Supervised by Dr. Sumaira Kausar en_US
dc.description.abstract Signature-based pattern matching is one of the most popular techniques used for detecting malware. Malware signatures are stored in a malware database and used for pattern-matching detection, in which similarity is calculated between the input data and the stored signatures. This approach faces problems such as calculation overhead and storage capacity, and the detection of malicious code can be bypassed through code obfuscation techniques. Machine learning therefore comes into play for the detection of benign and malicious PE files. However, previous techniques were limited for detecting malware families. In our research, different PE file header fields, obtained by parsing PE files, are used as features. The most significant features were selected after feature engineering. Unsupervised machine learning techniques are used for the detection of malicious PE files. Partition-based and density-based clustering algorithms are applied to a sample dataset, and the k-Means and DBSCAN clustering algorithms are evaluated. Partition-based clustering, i.e. k-Means, performs better at classifying malicious and benign PE files. en_US
dc.language.iso en en_US
dc.publisher Bahria University Islamabad Campus en_US
dc.relation.ispartofseries MS (IS);T-8862
dc.subject Information Security en_US
dc.title Detection of malicious portable executable files using static features en_US
dc.type Thesis en_US