A Research on the Heuristic Signature Virus Detection Based on the PE Structure
- DOI
- 10.2991/eeic-13.2013.16
- Keywords
- PE virus; heuristic signatures; Win32 PE file structure
- Abstract
With the development of network technology, computer networks are becoming increasingly popular in people's daily lives. Computers bring us not only convenience but also potential problems caused by computer viruses. Most viruses are Win32 PE viruses. This paper first analyzes the Win32 PE file structure, then analyzes the virus's principles of infection in detail, finds the PE virus heuristic feature vector, and stores the heuristic feature vector in a database. It reduces the redundant feature items with the feature extraction method of minimizing discriminate entropy. Finally, the improved KNN algorithm is used to classify. The experimental results show that the method has a high hit rate and a lower missing rate.
- Copyright
- © 2013, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Di Gao
AU - Guisheng Yin
AU - Yuxin Dong
AU - Liang Kou
PY - 2013/12
DA - 2013/12
TI - A Research on the Heuristic Signature Virus Detection Based on the PE Structure
BT - Proceedings of the 3rd International Conference on Electric and Electronics
PB - Atlantis Press
SP - 67
EP - 72
SN - 1951-6851
UR - https://doi.org/10.2991/eeic-13.2013.16
DO - 10.2991/eeic-13.2013.16
ID - Gao2013/12
ER -