A Malware Detection Scheme Based on Mining Format Information

<table class="table-group" id="tab2"><tr><td><table class="table"><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr><td align="left">Feature description</td><td align="center">Type</td><td align="center">Quantity</td></tr><tr><td align="center" colspan="3"><hr/></td></tr><tr><td align="left">DLLs referred</td><td align="center">Integer</td><td align="center">30</td></tr><tr><td align="left">APIs referred</td><td align="center">Integer</td><td align="center">30</td></tr><tr><td align="left">The number of DLLs referred</td><td align="center">Integer</td><td align="center">1</td></tr><tr><td align="left">The number of APIs referred</td><td align="center">Integer</td><td align="center">1</td></tr><tr><td align="left">The number of sections</td><td align="center">Integer</td><td align="center">1</td></tr><tr><td align="left">The number of symbols in export table</td><td align="center">Integer</td><td align="center">1</td></tr><tr><td align="left">The number of items in reloc section</td><td align="center">Integer</td><td align="center">1</td></tr><tr><td align="left">Dos header—e_lfanew</td><td align="center">Integer</td><td align="center">1</td></tr><tr><td align="left">IMAGE_FILE_HEADER</td><td align="center">Integer</td><td align="center">5</td></tr><tr><td align="left">IMAGE_OPTIONAL_HEADER</td><td align="center">Integer</td><td align="center">16</td></tr><tr><td align="left">IMAGE_DATA_DIRECTORY</td><td align="center">Integer</td><td align="center">32</td></tr><tr><td align="left">.text section—header field</td><td align="center">Integer</td><td align="center">11</td></tr><tr><td align="left">.data section—header field</td><td align="center">Integer</td><td align="center">11</td></tr><tr><td align="left">.rsrc section—header field</td><td align="center">Integer</td><td align="center">11</td></tr><tr><td align="left">.rdata section—header field</td><td align="center">Integer</td><td align="center">11</td></tr><tr><td align="left">.reloc section—header field</td><td align="center">Integer</td><td align="center">11</td></tr><tr><td align="left">Resource directory table and resources</td><td align="center">Integer</td><td align="center">23</td></tr><tr><td align="center" colspan="3"><hr/></td></tr><tr><td align="center" colspan="2">Total</td><td align="center">197</td></tr><tr class="table-tr"><td colspan="3"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

List of the features extracted from PE files.

The Scientific World Journal

tab2

Table 2

Table 2: A Malware Detection Scheme Based on Mining Format Information 