Feature Engineering Using File Layout for Malware Detection

Cryptography and Security 2023-04-06 v1

Abstract

Malware detection on binary executables provides high availability, even for binaries which are not disassembled or decompiled. However, a binary-level approach could cause ambiguity problems. In this paper, we propose a new feature engineering technique that uses minimal knowledge about the internal layout of a binary. The proposed feature avoids the ambiguity problems by integrating the information about the layout with structural entropy. The experimental results show that our feature improves accuracy and F1-score by 3.3% and 0.07, respectively, on a CNN-based malware detector with realistic benign and malicious samples.

Cite

@article{arxiv.2304.02260,
  title  = {Feature Engineering Using File Layout for Malware Detection},
  author = {Jeongwoo Kim and Eun-Sun Cho and Joon-Young Paik},
  journal= {arXiv preprint arXiv:2304.02260},
  year   = {2023}
}

Comments

2 pages, no figures. This manuscript was presented in the poster session of the Annual Computer Security Applications Conference (ACSAC) 2020.