2021
DOI: 10.1007/s40747-021-00560-1

PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable

Abstract: Enterprises are striving to remain protected against malware-based cyber-attacks on their infrastructure, facilities, networks and systems. Static analysis is an effective approach to detect the malware, i.e., malicious Portable Executable (PE). It performs an in-depth analysis of PE files without executing, which is highly useful to minimize the risk of malicious PE contaminating the system. Yet, instant detection using static analysis has become very difficult due to the exponential rise in volume and variet…

Cited by 20 publications
(9 citation statements)
References 44 publications
“…A differential analysis of static and dynamic approach has shown that latter provides more dynamic features but suffers from high resource consumption, run time overhead and failure to identify the real behavior of PE. 28 The proposed method is based upon static analysis, therefore relevant and progressive approaches are explained here. In research work, 29 Saxe et al used static features to train their proposed for classification of PE instances.…”
Section: Related Work (mentioning)
confidence: 99%
“…It is the extension of our previous effort. 28 This native and novel dataset has been made public for further utilization. A comprehensive experimental study on indigenously collected and public datasets is also performed.…”
Section: Conclusion and Future Direction (mentioning)
confidence: 99%
“…File related features are not limited to but include a histogram of bytes in executable, the entropy of complete file entropy of various parts of files, strings embedded in the executable, N-grams [9] from byte code, N-grams from assembly code, N-grams from API calls, images of hex bytecode of a file [10] [11], images of hex bytecode of different part of a file, etc. Many machine learning models and deep learning models use features with different combinations derived from static analysis [12]. However, malware authors use methods such as obfuscation [13], encryption of various types to evade feature extraction methods.…”
Section: A Static Analysis (mentioning)
confidence: 99%
“…In this method, the system monitors features of samples and tries to find malwares without running them. It is a technique for extracting features from an executable application, such as APIs, Permissions, hardware components and the Intent of the application [1]. These extracted features may be used alone or in combination to detect malware.…”
Section: A Malware Analysis (mentioning)
confidence: 99%