Conference: International Conference on Computational Science and Computational Intelligence

Static Malware Analysis Using Machine Learning Algorithms on APT1 Dataset with String and PE Header Features


Abstract

Static malware analysis is used to analyze executable files without executing the code to determine whether a file is malicious or not. Data analytic and machine learning techniques have been used increasingly to help process the large number of malware files circulating in the wild and detect new attacks. In this paper, we present the design and implementation of six different machine learning classifiers, and two distinct categories of features statically extracted from the executables: strings and Portable Executable header information. A total of twelve malware detectors were implemented for each of the six classifiers to operate with each of the two feature categories separately. These classifiers and feature extraction algorithms were implemented in Python using the scikit-learn machine learning library. The performances in detection accuracy and required processing time of the twelve malware detectors were compared and analyzed.