Static analysis of executable files by machine learning methods
This work addresses malware detection for cybersecurity applications, but it appears incremental as it builds on existing methods like feature selection and ensemble training without introducing major innovations.
The paper tackles the problem of detecting malicious executable files by applying static analysis of binary content, resulting in an ensemble classifier system designed for effective malware detection in uninsulated environments.
The paper describes how to detect malicious executable files based on static analysis of their binary content. The stages of pre-processing and cleaning data extracted from different areas of executable files are analyzed. Methods of encoding categorical attributes of executable files are considered, as are ways to reduce the feature field dimension and select characteristic features in order to effectively represent samples of binary executable files for further training classifiers. An ensemble training approach was applied in order to aggregate forecasts from each classifier, and an ensemble of classifiers of various feature groups of executable file attributes was created in order to subsequently develop a system for detecting malicious files in an uninsulated environment.