Category:
Internet of Things
Year of publication:
2022
English title of the article:
Evaluation of printable character-based malicious PE file-detection method
Source:
ScienceDirect - Elsevier - Internet of Things, 19 (2022) 100521, doi:10.1016/j.iot.2022.100521
Author:
Mamoru Mimura
English abstract:
Printable characters extracted from portable executable (PE) files are a common surface analysis
feature. String extraction is a supplemental feature for malware analysis. Recent developments
in natural language processing techniques have enabled the rapid detection of malicious PE files.
Previously, we proposed a method for detecting malicious PE files from printable characters,
using two language models for feature extraction and machine learning. In this study, we
evaluated the method using the latest FFRI dataset consisting of 400,000 benign and 400,000
malicious samples between 2019 and 2021. To the best of our knowledge, this is the first study
to consider the time series of both malicious and benign samples. According to the results,
specific tokens in the printable characters were effective in detecting the latest malicious PE
files. The most practical combination was Doc2vec with a multilayer perceptron, which
achieved an F1 score of 0.981. Each run time showed an almost linear increase with increasing
dataset size.
Keywords: Malware | Machine learning | Natural language processing