Generating Features of Windows Portable Executable Files for Static Analysis using Portable Executable Reader Module (PEFile)

Rico S. Santos, E. Festijo
DOI: 10.1109/ic2ie53219.2021.9649225
Published in: 2021 4th International Conference of Computer and Informatics Engineering (IC2IE), 2021-09-14
Citation count: 3

Abstract

The identification of malicious programs at an early stage has been proven to be effective in reducing the chance of malware infection on a device or system. A common approach to do this is through static analysis. Static analysis examines the source code of portable executable (PE) files without actually executing them. Selecting the static features that will be used for static analysis is an arduous process. To address this issue, and in preparation for selecting static features for static analysis, this paper explores the use of PEFILE, a Python-based toolkit for analyzing PE scripts. PEFILE is a versatile application that analyzes malware files in a virtual environment. Four different datasets of malware packages are investigated using PEFILE. Three different algorithms are used to create the final output, namely 1) an extraction algorithm (feature extraction), 2) a selection algorithm (feature selection) and 3) a dataset algorithm (dataset creation). The selected features from each malware package are then compared and analyzed.
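As an added example (not the paper's code, which uses the pefile package), the following pure-Python parser extracts the same kind of header and section features that a pefile-based extraction algorithm would produce, and derives a few indicators that commonly appear in static feature sets: entry point outside any section, writable-and-executable sections, and high-entropy sections. The PE image it parses is constructed in memory rather than read from a real binary; the 7.0 entropy threshold and the section name `.packed` are assumptions made for the example.

```python
"""Static feature extraction from a PE image using only the standard library.

Added example, not the paper's code: the paper uses the pefile package; this
version reads the same header fields with struct so it runs without pefile.
The sample image built by build_sample_pe() is constructed, not a real binary.
"""
import math
import struct
from collections import Counter
from typing import Any, Dict

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
HIGH_ENTROPY = 7.0  # assumed threshold: packed/encrypted data usually sits above it


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (constant data) to 8.0 (uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_features(image: bytes) -> Dict[str, Any]:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    # PE32 and PE32+ share the layout up to BaseOfCode; ImageBase differs.
    size_of_code, entry_rva = struct.unpack_from("<I8xI", image, opt + 4)
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", image, opt + 28)[0]
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", image, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")

    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        (name, vsize, vaddr, rawsize, rawptr, _rel, _lin, _nrel, _nlin,
         flags) = struct.unpack_from("<8sIIIIIIHHI", image, off)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": shannon_entropy(raw),
            "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(flags & IMAGE_SCN_MEM_WRITE),
        })

    def contains(sec: Dict[str, Any], rva: int) -> bool:
        span = max(sec["virtual_size"], sec["raw_size"])
        return sec["virtual_address"] <= rva < sec["virtual_address"] + span

    indicators = {
        "entry_outside_sections": not any(contains(s, entry_rva) for s in sections),
        "writable_executable_sections": [s["name"] for s in sections
                                         if s["writable"] and s["executable"]],
        "high_entropy_sections": [s["name"] for s in sections
                                  if s["entropy"] > HIGH_ENTROPY],
        "zero_raw_size_sections": [s["name"] for s in sections
                                   if s["raw_size"] == 0 and s["virtual_size"] > 0],
    }
    return {
        "machine": machine, "number_of_sections": nsections,
        "timestamp": timestamp, "characteristics": characteristics,
        "magic": magic, "size_of_code": size_of_code,
        "entry_point_rva": entry_rva, "image_base": image_base,
        "sections": sections, "indicators": indicators,
    }


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 image (not a real program): a constant .text
    section and a writable+executable, maximum-entropy section named .packed."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    opt_size = 0xE0                                         # standard PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x60000000, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<HBBIIIIIII", opt, 0, PE32_MAGIC, 14, 0,
                     0x200, 0x200, 0, 0x1000, 0x1000, 0x2000, 0x400000)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)        # SectionAlignment, FileAlignment

    def section(name: bytes, vaddr: int, size: int, rawptr: int, flags: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, rawptr, 0, 0, 0, 0, flags)

    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + section(b".text", 0x1000, 0x200, 0x200, 0x60000020)     # CODE|EXEC|READ
               + section(b".packed", 0x2000, 0x200, 0x400, 0xE0000040))  # DATA|EXEC|READ|WRITE
    headers += bytes(0x200 - len(headers))                  # pad to FileAlignment
    text = b"\xC3" * 0x200                                  # all 'ret': entropy 0
    packed = bytes(range(256)) * 2                          # uniform bytes: entropy 8.0
    return headers + text + packed


if __name__ == "__main__":
    feats = extract_features(build_sample_pe())
    for sec in feats["sections"]:
        print(f'{sec["name"]:<8} rva={sec["virtual_address"]:#06x} '
              f'entropy={sec["entropy"]:.2f} W={sec["writable"]} X={sec["executable"]}')
    print("indicators:", feats["indicators"])
```

On a real file the same function works on `open(path, "rb").read()`; the flat dictionary it returns is the per-sample row a feature-selection step would then filter, and the entropy and section-flag indicators are the ones most often kept because they separate packed or self-modifying samples from ordinary compiler output.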