Title: Data Mining Classification Approaches for Malicious Executable File Detection

Issue Number: Vol. 7, No. 3
Year of Publication: Sep - 2018
Page Numbers: 238-242
Authors: Hassan Najadat, Assem Alhawari, Huthifh Al_Rushdan
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF) - Hong Kong
DOI: http://dx.doi.org/10.17781/P002422

Abstract:

Classification techniques have many applications in executable file detection. Classification is one of the most popular data mining techniques for detecting and predicting the behavior of executable files. Every executable file has hexadecimal sequence features, which represent the assembly string sequences of the executable, and Portable Executable (PE) features such as the DLLs (Dynamic Link Libraries) it imports. These features reflect the behavior and characteristics of executable files. Classifying according to these behavioral patterns is an efficient way to distinguish a malicious executable file from a benign one. We present extraction code that selects specific hexadecimal-code features from among thousands of hex codes and DLLs. Since the number of extracted features is huge, three different rankers are used to select the most valuable features. In this paper, among eight classifiers, Neural Networks and KNN achieve the highest accuracy.