dc.contributor.author |
Saba Awan |
|
dc.date.accessioned |
2021-01-18T06:37:23Z |
|
dc.date.available |
2021-01-18T06:37:23Z |
|
dc.date.issued |
2016 |
|
dc.identifier.uri |
http://10.250.8.41:8080/xmlui/handle/123456789/21263 |
|
dc.description |
Supervisor: Nazar Abbas Saqib
en_US |
dc.description.abstract |
Rapid proliferation of malware poses a severe threat to computer security and the Internet world today. Malware writers have evolved their techniques with the passage of time, and packing tools have been introduced for polymorphic and metamorphic code obfuscation. The signature methods traditionally used for malware detection become unreliable against these zero-day malware attacks. Malware researchers are therefore searching for unique patterns and characteristics that remain unchanged despite code obfuscation.
To address this issue, we propose an effective malware detection method based on the integration of static and dynamic features of an executable. The method first gathers static features without executing the file; these include PE header information and printable strings. It then runs the binary file in a sandbox environment and gathers the dynamic features, i.e. API call logs. The integrated feature vector is then analyzed and classified. Machine learning algorithms are used for the classification of data. In this research work, we also compare the performance of four classifiers. The proposed methodology takes advantage of both static and dynamic analysis. We conclude that the experimental results prove that our integrated method achieves higher overall accuracy than the standalone static and dynamic methods. |
en_US |
dc.publisher |
CEME-NUST-National University of Science and Technology
en_US |
dc.subject |
Computer Engineering |
en_US |
dc.title |
Malware Detection Using Static and Dynamic Features of a Portable Executable (PE) File |
en_US |
dc.type |
Thesis |
en_US |