Increasing the Accuracy of Malware Detection in PE Files Using Advanced Machine-Learning Techniques
This work presents the design and implementation of a new malware detection system for Portable Executable (PE) files in the Windows operating system using machine learning methods. The system uses various techniques for extracting attributes from binary files, including the n-gram method, branch an...
| Published in: | IEEE access, vol. 13, pp. 191180-191202 |
|---|---|
| Main authors: | Papan, Jozef; Scasny, Martin; Bridova, Ivana; Janovec, Michal |
| Format: | Journal Article |
| Language: | English |
| Published: | Piscataway; IEEE; 2025; The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Subjects: | |
| ISSN: | 2169-3536, 2169-3536 |
| Online access: | Full text |
| Abstract | This work presents the design and implementation of a new malware detection system for Portable Executable (PE) files in the Windows operating system using machine learning methods. The system uses various techniques for extracting attributes from binary files, including the n-gram method, branch analysis of instructions, and frequency analysis of instructions, which are combined with information about imported functions. To improve the classification accuracy and optimize the computational effort, neural networks with different architectures were trained and optimized. The implemented API (Application Programming Interface) interface allows easy integration of the system into existing security solutions and offers flexibility in the choice of classification models. Experimental results are compared with commercial detection systems, while the detection accuracy and false positive and false negative rates are analyzed. The limitations of the proposed approach, possibilities for its improvement, and perspectives for further use of machine learning in the field of malware detection are discussed in the conclusion of the work. |
|---|---|
| Author | Bridova, Ivana; Papan, Jozef; Janovec, Michal; Scasny, Martin |
| Author_xml | – sequence: 1 givenname: Jozef orcidid: 0000-0001-8118-7513 surname: Papan fullname: Papan, Jozef organization: University of Žilina, Žilina, Slovakia – sequence: 2 givenname: Martin surname: Scasny fullname: Scasny, Martin organization: University of Žilina, Žilina, Slovakia – sequence: 3 givenname: Ivana orcidid: 0000-0002-7862-8792 surname: Bridova fullname: Bridova, Ivana email: ivana.bridova@uniza.sk organization: University of Žilina, Žilina, Slovakia – sequence: 4 givenname: Michal orcidid: 0009-0007-2567-0691 surname: Janovec fullname: Janovec, Michal organization: University of Žilina, Žilina, Slovakia |
| CODEN | IAECCG |
| ContentType | Journal Article |
| Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2025 |
| Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2025 |
| DOI | 10.1109/ACCESS.2025.3627324 |
| DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005-present IEEE Open Access Journals IEEE All-Society Periodicals Package (ASPP) 1998-Present IEEE Electronic Library (IEL) CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Engineered Materials Abstracts METADEX Technology Research Database Materials Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional DOAJ Directory of Open Access Journals |
| DatabaseTitle | CrossRef Materials Research Database Engineered Materials Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace METADEX Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Materials Research Database |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website – sequence: 2 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISSN | 2169-3536 |
| EndPage | 191202 |
| ExternalDocumentID | oai_doaj_org_article_b210627b95164a4bba6ee8c8c52361e9 10_1109_ACCESS_2025_3627324 11222580 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: Slovak Grant Agency through the VEGA Project Fast Reroute grantid: 1/0316/24 |
| ISSN | 2169-3536 |
| IngestDate | Mon Dec 01 19:30:57 EST 2025 Thu Nov 13 04:44:31 EST 2025 Thu Nov 27 00:49:14 EST 2025 Wed Nov 19 08:27:10 EST 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Language | English |
| License | https://creativecommons.org/licenses/by/4.0/legalcode |
| LinkModel | DirectLink |
| ORCID | 0000-0002-7862-8792 0009-0007-2567-0691 0000-0001-8118-7513 |
| OpenAccessLink | https://doaj.org/article/b210627b95164a4bba6ee8c8c52361e9 |
| PQID | 3271171445 |
| PQPubID | 4845423 |
| PageCount | 23 |
| ParticipantIDs | doaj_primary_oai_doaj_org_article_b210627b95164a4bba6ee8c8c52361e9 crossref_primary_10_1109_ACCESS_2025_3627324 proquest_journals_3271171445 ieee_primary_11222580 |
| PublicationCentury | 2000 |
| PublicationDate | 20250000 2025-00-00 20250101 2025-01-01 |
| PublicationDateYYYYMMDD | 2025-01-01 |
| PublicationDate_xml | – year: 2025 text: 20250000 |
| PublicationDecade | 2020 |
| PublicationPlace | Piscataway |
| PublicationPlace_xml | – name: Piscataway |
| PublicationTitle | IEEE access |
| PublicationTitleAbbrev | Access |
| PublicationYear | 2025 |
| Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| SourceID | doaj proquest crossref ieee |
| SourceType | Open Website Aggregation Database Index Database Publisher |
| StartPage | 191180 |
| SubjectTerms | Accuracy; Application programming interface; Application programming interfaces; Classification; Codes; Detection system; Feature extraction; Machine learning; Malware; Neural networks; Operating systems; PE files; Security; Symbols; Training; Windows (computer programs) |
| Title | Increasing the Accuracy of Malware Detection in PE Files Using Advanced Machine-Learning Techniques |
| URI | https://ieeexplore.ieee.org/document/11222580 https://www.proquest.com/docview/3271171445 https://doaj.org/article/b210627b95164a4bba6ee8c8c52361e9 |
| Volume | 13 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |