A Chi-Square-Based Decision for Real-Time Malware Detection Using PE-File Features


Mohamed Belaoued, Smaine Mazouzi, Journal of Information Processing Systems
Vol. 12, No. 4, pp. 644-660, Aug. 2016
10.3745/JIPS.03.0058
Keywords: Chi-Square Test, Malware Analysis, PE-Optional Header, Real-Time Detection Windows API
Fulltext:

Abstract

The real-time detection of malware remains an open issue, since most of the existing approaches for malware categorization focus on improving the accuracy rather than the detection time. Therefore, finding a proper balance between these two characteristics is very important, especially for such sensitive systems. In this paper, we present a fast portable executable (PE) malware detection system, which is based on the analysis of the set of Application Programming Interfaces (APIs) called by a program and some technical PE features (TPFs). We used an efficient feature selection method, which first selects the most relevant APIs and TPFs using the chi-square (KHI²) measure, and then the Phi (?) coefficient was used to classify the features in different subsets, based on their relevance. We evaluated our method using different classifiers trained on different combinations of feature subsets. We obtained very satisfying results with more than 98% accuracy. Our system is adequate for real-time detection since it is able to categorize a file (Malware or Benign) in 0.09 seconds


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from November 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.




Cite this article
[APA Style]
Mohamed Belaoued and Smaine Mazouzi (2016). A Chi-Square-Based Decision for Real-Time Malware Detection Using PE-File Features . Journal of Information Processing Systems, 12(4), 644-660. DOI: 10.3745/JIPS.03.0058.

[IEEE Style]
M. Belaoued and S. Mazouzi, "A Chi-Square-Based Decision for Real-Time Malware Detection Using PE-File Features ," Journal of Information Processing Systems, vol. 12, no. 4, pp. 644-660, 2016. DOI: 10.3745/JIPS.03.0058.

[ACM Style]
Mohamed Belaoued and Smaine Mazouzi. 2016. A Chi-Square-Based Decision for Real-Time Malware Detection Using PE-File Features . Journal of Information Processing Systems, 12, 4, (2016), 644-660. DOI: 10.3745/JIPS.03.0058.