基于机器学习算法的APT1数据集字符串和PE头特征静态恶意软件分析

2019 International Conference on Computational Science and Computational Intelligence (CSCI) Pub Date : 2019-12-01 DOI:10.1109/CSCI49370.2019.00022

Neil Balram, G. Hsieh, Christian McFall

{"title":"基于机器学习算法的APT1数据集字符串和PE头特征静态恶意软件分析","authors":"Neil Balram, G. Hsieh, Christian McFall","doi":"10.1109/CSCI49370.2019.00022","DOIUrl":null,"url":null,"abstract":"Static malware analysis is used to analyze executable files without executing the code to determine whether a file is malicious or not. Data analytic and machine learning techniques have been used increasingly to help process the large number of malware files circulating in the wild and detect new attacks. In this paper, we present the design and implementation of six different machine learning classifiers, and two distinct categories of features statically extracted from the executables: strings and Portable Executable header information. A total of twelve malware detectors were implemented for each of the six classifiers to operate with each of the two feature categories separately. These classifiers and feature extraction algorithms were implemented in Python using the scikit-learn machine learning library. The performances in detection accuracy and required processing time of the twelve malware detectors were compared and analyzed.","PeriodicalId":103662,"journal":{"name":"2019 International Conference on Computational Science and Computational Intelligence (CSCI)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Static Malware Analysis Using Machine Learning Algorithms on APT1 Dataset with String and PE Header Features\",\"authors\":\"Neil Balram, G. Hsieh, Christian McFall\",\"doi\":\"10.1109/CSCI49370.2019.00022\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Static malware analysis is used to analyze executable files without executing the code to determine whether a file is malicious or not. Data analytic and machine learning techniques have been used increasingly to help process the large number of malware files circulating in the wild and detect new attacks. In this paper, we present the design and implementation of six different machine learning classifiers, and two distinct categories of features statically extracted from the executables: strings and Portable Executable header information. A total of twelve malware detectors were implemented for each of the six classifiers to operate with each of the two feature categories separately. These classifiers and feature extraction algorithms were implemented in Python using the scikit-learn machine learning library. The performances in detection accuracy and required processing time of the twelve malware detectors were compared and analyzed.\",\"PeriodicalId\":103662,\"journal\":{\"name\":\"2019 International Conference on Computational Science and Computational Intelligence (CSCI)\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 International Conference on Computational Science and Computational Intelligence (CSCI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSCI49370.2019.00022\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Conference on Computational Science and Computational Intelligence (CSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCI49370.2019.00022","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

静态恶意软件分析是在不执行代码的情况下对可执行文件进行分析，以确定文件是否为恶意文件。数据分析和机器学习技术已被越来越多地用于帮助处理大量恶意软件文件，并检测新的攻击。在本文中，我们介绍了六种不同的机器学习分类器的设计和实现，以及从可执行文件中静态提取的两种不同类别的特征:字符串和可移植可执行头信息。总共为六个分类器中的每一个实现了十二个恶意软件检测器，分别与两个特征类别中的每一个运行。这些分类器和特征提取算法使用scikit-learn机器学习库在Python中实现。比较分析了12种恶意软件检测器在检测精度和所需处理时间方面的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Static Malware Analysis Using Machine Learning Algorithms on APT1 Dataset with String and PE Header Features

Static malware analysis is used to analyze executable files without executing the code to determine whether a file is malicious or not. Data analytic and machine learning techniques have been used increasingly to help process the large number of malware files circulating in the wild and detect new attacks. In this paper, we present the design and implementation of six different machine learning classifiers, and two distinct categories of features statically extracted from the executables: strings and Portable Executable header information. A total of twelve malware detectors were implemented for each of the six classifiers to operate with each of the two feature categories separately. These classifiers and feature extraction algorithms were implemented in Python using the scikit-learn machine learning library. The performances in detection accuracy and required processing time of the twelve malware detectors were compared and analyzed.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 International Conference on Computational Science and Computational Intelligence (CSCI)

自引率

0.00%

发文量