Static Analysis and Machine Learning-based Malware Detection System using PE Header Feature Values

Advances in information and communications technology (ICT) are improving daily convenience and productivity, but new malware threats continue to surge. This paper proposes a malware detection system using various machine learning algorithms and portable executable (PE) Header file static analysis method for malware code, which has recently changed in various forms. Methods/Statistical analysis: This paper proposes a malware detection method that quickly and accurately detects new malware using static file analysis and stacking methods. Furthermore, using information from PE headers extracted through static analysis can detect malware without executing real malware. The features of the pe_packer used in the proposed research method were most efficient in experiments because the extracted data were processed in various ways and applied to machine learning models. So, we chose pe_packer information as the shape data to be used for the stacking model. Detection models are implemented based on additive techniques rather than single models to detect with high accuracy. Findings: The proposed detection system can quickly and accurately classify malware or ordinary files. Moreover, experiments showed that the proposed method has a 95.2% malware detection rate and outperforms existing single model-based detection systems. Improvements/Applications: The proposed research method applies to detecting large new strains of malware.