A Malware Detection Method Based on Static Analysis of PE Structure

This article study and compare malware families and malware detection methods and propose a new and efficient method for malware detection by static analysis. Proposed method based on PE Structure of executable files. Our method propose some new feathers such as quantity، name and size of sections، name of system calls and their libraries in IAT and EAT table، entry point and entropy for detection and distinguishes malwares and benign files by observing and exploring PE structure and header of mentioned files very deeply. These feathers can assign positive and negative point to determine malignant or benign rate of an unknown executable file by formulas of proposed method. We extract these features by doing data-mining on a large scale consist near 15000 malwares and 13500 benign files and used machine learning techniques for train and learn an intelligent rule base model for malware detection. Proposed method of this article cluster malwares in 5 and benign files in 2 families. This article evaluate accuracy of proposed method in detection and clustering malware and benign files and indicate that proposed method can detect and cluster malwares by more than 95 percent in accuracy and compete with other methods and get second ranked.