By Topic

Header information in malware families and impact on automated classifiers

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Andrew Walenstein ; Department of Computer Science, University of Louisiana at Lafayette, USA ; Daniel J. Hefner ; Jeffery Wichers

The metadata embedded in program executables provides information that can be useful for automated malware detection or classification. With potentially tens of thousands of variants per malware family, it is unclear how much consistency there is in the metadata, and whether different families exhibit different consistencies. Header information from multiple variants of recent malware was studied to understand the variability of the header information within and among malware families. Classification accuracy extracted using multiple common classifiers showed that, even for rapidly mutating malware families, classifiers trained on header information can outperform ones trained on the program bodies. The results also show that some families have highly consistent header information; this fact suggests limited evolutionary pressure from defense systems. The results indicate that care is needed when evaluating classifiers operating on header as well as program body information.

Published in:

Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on

Date of Conference:

19-20 Oct. 2010