MCF: MultiComponent Features for Malware Analysis

Abstract

In this paper, we use machine learning techniques for classifying a Portable Executable (PE) file as malware or benign. This is achieved by extracting a new feature also referred to us as MultiComponent Feature composed of (a) PE metadata (b) Principal Instruction Code (PIC)(c) mnemonic bi-gram and (d) prominent unigrams that characterizes malware/benign files. Reduced feature set are obtained using feature selection and reduction methods such as Minimum Redundancy and Maximum Relevance (mRMR), Principal Component Analysis (PCA) and prominent EigenVector Feature (EVF). We demonstrate that amongst mRMR, PCA and EVF, mRMR feature selection method is suitable for extracting optimal PE attributes. The performance of our proposed method is compared with similar work reported in previous literature's and we have found that the detection rate with our methodology is found to be better compared to prior work. This suggest that the proposed method can be used effectively for the identification of malicious files.