Kashef: A Two-step detector of Windows-based Malicious executable files
Article Type:
Research/Original Article (accredited ranking)
Abstract:
The growing number of malware samples is one of the major threats in the cyber domain, and detecting them has always posed challenges. Windows-based malicious executable files perform malicious activity at the level of the target operating system or of another application by manipulating fields in their headers and obscuring their behavior. Detecting suspicious specimens in a large volume of input samples, as well as discovering new and unknown malware, is a topic of continuing research. In this study, a combined method is proposed to determine the maliciousness level of suspicious executable files. The proposed method, Kashef, consists of two static modules that extract executable-file header properties and two behavioral modules: one that extracts signature-generating properties and one that builds a behavioral model based on machine learning methods. The purpose of this study is to identify suspicious Windows executable files among a large volume of files and to determine their maliciousness level. The method detects malware based on the maliciousness probability assigned to each file. Experiments on six types of malware showed maliciousness percentages in the range of 62.7 to 70% for the PE header detector module, 70.8 to 78.2% for the Yara-based detector module, 98% for the behavioral signature-based detector module, and 99% accuracy for the ML-based detector module using the Random Forest learning algorithm. The experimental results also showed that Kashef detected 94% of protected malware, a 2% improvement over the results of 10 similar products, and 98% of unprotected malware, a 5% improvement over the results of 10 similar products.
Language:
Persian
Published:
Journal of Electronic and Cyber Defense, Volume:10 Issue: 2, 2022
Pages:
141 to 154
magiran.com/p2521223  