One aspect of cybersecurity,incorporates the study of Portable Executables(PE)files maleficence.Artificial Intelligence(AI)can be employed in such studies,since AI has the ability to discriminate benign from malicious...One aspect of cybersecurity,incorporates the study of Portable Executables(PE)files maleficence.Artificial Intelligence(AI)can be employed in such studies,since AI has the ability to discriminate benign from malicious files.In this study,an exclusive set of 29 features was collected from trusted implementations,this set was used as a baseline to analyze the presented work in this research.A Decision Tree(DT)and Neural Network Multi-Layer Perceptron(NN-MLPC)algorithms were utilized during this work.Both algorithms were chosen after testing a few diverse procedures.This work implements a method of subgrouping features to answer questions such as,which feature has a positive impact on accuracy when added?Is it possible to determine a reliable feature set to distinguish a malicious PE file from a benign one?when combining features,would it have any effect on malware detection accuracy in a PE file?Results obtained using the proposed method were improved and carried few observations.Generally,the obtained results had practical and numerical parts,for the practical part,the number of features and which features included are the main factors impacting the calculated accuracy,also,the combination of features is as crucial in these calculations.Numerical results included,finding accuracies with enhanced values,for example,NN_MLPC attained 0.979 and 0.98;for DT an accuracy of 0.9825 and 0.986 was attained.展开更多
An information hiding algorithm is proposed, which hides information by embedding secret data into the palette of bitmap resources of portable executable (PE) files. This algorithm has higher security than some trad...An information hiding algorithm is proposed, which hides information by embedding secret data into the palette of bitmap resources of portable executable (PE) files. This algorithm has higher security than some traditional ones because of integrating secret data and bitmap resources together. Through analyzing the principle of bitmap resources parsing in an operating system and the layer of resource data in PE files, a safe and useful solution is presented to solve two problems that bitmap resources are incorrectly analyzed and other resources data are confused in the process of data embedding. The feasibility and effectiveness of the proposed algorithm are confirmed through computer experiments.展开更多
The continuous development of cyberattacks is threatening digital transformation endeavors worldwide and leadsto wide losses for various organizations. These dangers have proven that signature-based approaches are ins...The continuous development of cyberattacks is threatening digital transformation endeavors worldwide and leadsto wide losses for various organizations. These dangers have proven that signature-based approaches are insufficientto prevent emerging and polymorphic attacks. Therefore, this paper is proposing a Robust Malicious ExecutableDetection (RMED) using Host-based Machine Learning Classifier to discover malicious Portable Executable (PE)files in hosts using Windows operating systems through collecting PE headers and applying machine learningmechanisms to detect unknown infected files. The authors have collected a novel reliable dataset containing 116,031benign files and 179,071 malware samples from diverse sources to ensure the efficiency of RMED approach.The most effective PE headers that can highly differentiate between benign and malware files were selected totrain the model on 15 PE features to speed up the classification process and achieve real-time detection formalicious executables. The evaluation results showed that RMED succeeded in shrinking the classification timeto 91 milliseconds for each file while reaching an accuracy of 98.42% with a false positive rate equal to 1.58. Inconclusion, this paper contributes to the field of cybersecurity by presenting a comprehensive framework thatleverages Artificial Intelligence (AI) methods to proactively detect and prevent cyber-attacks.展开更多
文摘One aspect of cybersecurity,incorporates the study of Portable Executables(PE)files maleficence.Artificial Intelligence(AI)can be employed in such studies,since AI has the ability to discriminate benign from malicious files.In this study,an exclusive set of 29 features was collected from trusted implementations,this set was used as a baseline to analyze the presented work in this research.A Decision Tree(DT)and Neural Network Multi-Layer Perceptron(NN-MLPC)algorithms were utilized during this work.Both algorithms were chosen after testing a few diverse procedures.This work implements a method of subgrouping features to answer questions such as,which feature has a positive impact on accuracy when added?Is it possible to determine a reliable feature set to distinguish a malicious PE file from a benign one?when combining features,would it have any effect on malware detection accuracy in a PE file?Results obtained using the proposed method were improved and carried few observations.Generally,the obtained results had practical and numerical parts,for the practical part,the number of features and which features included are the main factors impacting the calculated accuracy,also,the combination of features is as crucial in these calculations.Numerical results included,finding accuracies with enhanced values,for example,NN_MLPC attained 0.979 and 0.98;for DT an accuracy of 0.9825 and 0.986 was attained.
基金supported by the Applied Basic Research Programs of Sichuan Province under Grant No. 2010JY0001the Fundamental Research Funds for the Central Universities under Grant No. ZYGX2010J068
文摘An information hiding algorithm is proposed, which hides information by embedding secret data into the palette of bitmap resources of portable executable (PE) files. This algorithm has higher security than some traditional ones because of integrating secret data and bitmap resources together. Through analyzing the principle of bitmap resources parsing in an operating system and the layer of resource data in PE files, a safe and useful solution is presented to solve two problems that bitmap resources are incorrectly analyzed and other resources data are confused in the process of data embedding. The feasibility and effectiveness of the proposed algorithm are confirmed through computer experiments.
文摘The continuous development of cyberattacks is threatening digital transformation endeavors worldwide and leadsto wide losses for various organizations. These dangers have proven that signature-based approaches are insufficientto prevent emerging and polymorphic attacks. Therefore, this paper is proposing a Robust Malicious ExecutableDetection (RMED) using Host-based Machine Learning Classifier to discover malicious Portable Executable (PE)files in hosts using Windows operating systems through collecting PE headers and applying machine learningmechanisms to detect unknown infected files. The authors have collected a novel reliable dataset containing 116,031benign files and 179,071 malware samples from diverse sources to ensure the efficiency of RMED approach.The most effective PE headers that can highly differentiate between benign and malware files were selected totrain the model on 15 PE features to speed up the classification process and achieve real-time detection formalicious executables. The evaluation results showed that RMED succeeded in shrinking the classification timeto 91 milliseconds for each file while reaching an accuracy of 98.42% with a false positive rate equal to 1.58. Inconclusion, this paper contributes to the field of cybersecurity by presenting a comprehensive framework thatleverages Artificial Intelligence (AI) methods to proactively detect and prevent cyber-attacks.
