Optimized feature representation and selection for malware detection using portable executable headers and machine learning

Optimized feature representation and selection for malware detection using portable executable headers and machine learning

연구 분야: Safety

학회: Journal of Computer Virology and Hacking Techniques

Feature representation techniques inherently introduce computational overhead, and conventional feature selection methodologies often discard closely correlated attributes, deeming them redundant. This study leverages Portable Executable Header (PEH) characteristics to construct an enriched feature representation, ensuring the preservation of critical and distinctive information while facilitating efficient extraction. A preliminary evaluation is conducted across six machine learning (ML) classifiers to identify the two most effective models for malware detection applications. To enhance feature representation, an advanced data preprocessing pipeline is employed prior to feature selection (FS). A Relief-F-based filtering mechanism is utilized to assign weighted importance to individual features, thereby preserving all relevant information. Iterative training with various weighted feature subsets enables the identification of an optimal, compact feature subset, denoted as . The proposed methodology achieves a substantial reduction of feature overhead by 79.7%, demonstrating an impressive malware detection accuracy of 99.4% under a 10-fold cross-validation paradigm. Furthermore, the robustness of the model is validated across multiple test scenarios, ensuring consistent performance. When evaluated on a newly curated dataset comprising PE headers extracted from Windows 7 and malware executables, the proposed framework achieves an accuracy of 97.16% and an F-score of 95.5%, underscoring its efficacy and adaptability in real-world malware detection tasks.