PEA: PE Analyzer-Detecting PE malware Using Machine Learning Algorithms
Primary Investigator:
Connie Justice
Rushabh Vyas, Xiao Luo, Nichole McFarland, Connie Justice
Abstract
Malware continues to be a critical concern for everyone from home users to enterprises. Today, most devices are connected through networks to the Internet. Therefore, malicious code can easily and rapidly spread. The objective of this paper is to examine how malicious portable executable (PE) files can be detected on the network by utilizing machine learning algorithms. The efficiency and effectiveness of the network detection rely on the number of features and the learning algorithms. In this work, we examined 28 features extracted from metadata, packing, imported DLLs and functions of four different types of PE files for malware detection. The returned results showed that the proposed system can achieve a 98.7% detection rate and a 1.8% false positive rate, with an average scanning speed of 0.5 seconds per file in our testing network environment.