Computer Science ›› 2013, Vol. 40 ›› Issue (1): 122-126.

• Information Security •

Malware Detection Approach Based on Static Structural Features of PE Files

白金荣,王俊峰,赵宗渠   

  1. (College of Computer Science, Sichuan University, Chengdu 610065); (School of Information Technology and Engineering, Yuxi Normal University, Yuxi 653100)
  • Online: 2018-11-16 Published: 2018-11-16

Malware Detection Approach Based on Structural Feature of PE File

Abstract: To address the shortcomings of existing detection methods, a method for detecting malware by mining the structural information of PE files is proposed and evaluated experimentally on recent PE-format malware. The results show that the method detects known and unknown malware with an accuracy of 99.1%, and that its AUC, a key evaluation metric, is 0.998, very close to the optimum of 1 and higher than that of existing static detection methods. Compared with other methods, it also requires less processing time and system overhead, remains stable and effective against malware that uses packing and obfuscation, and meets the requirements for real-time deployment. In addition, existing data-mining-based detection methods tend to overfit the data during feature selection, whereas this method is robust in that respect.

Keywords: Malware detection, Structural features, Data mining, PE

Abstract: In order to solve the problems existing in malware detection, we propose a novel malware detection approach that mines structural features of PE (Portable Executable) files, and we evaluate it experimentally against recent Win32 malware. Experimental results indicate that the accuracy of our method is 99.1% and its AUC is 0.998, which is close to 1 (the AUC of the best possible classifier) and better than that of other static approaches. Compared with other static approaches, our method achieves higher detection accuracy with less detection time, is hard to evade by malware that applies obfuscation and packing techniques, and is real-time deployable. Most malware detection approaches using data mining may overfit the experimental data during feature selection, but our experiments show that our method overcomes this problem.

Key words: Malware detection, Structural features, Data mining, PE
