Feature Engineering Using File Layout for Malware Detection. (arXiv:2304.02260v1 [cs.CR])

Malware detection on binary executables provides a high availability to even
binaries which are not disassembled or decompiled. However, a binary-level
approach could cause ambiguity problems. In this paper, we propose a new
feature engineering technique that use minimal knowledge about the internal
layout on a binary. The proposed feature avoids the ambiguity problems by
integrating the information about the layout with structural entropy. The
experimental results show that our feature improves accuracy and F1-score by
3.3% and 0.07, respectively, …

availability binary cnn detection detector engineering entropy file high high availability information internal knowledge malware malware detection problems results score