Title :
A novel compression-based approach for malware detection using PE header
Author :
Khorsand, Zahra ; Hamzeh, Ali
Author_Institution :
Comput. Sci. & Eng. Dept., Shiraz Univ., Shiraz, Iran
Abstract :
Recently, various invasions of malware and the damage they incur threaten the usability and privacy of computer systems. Due to the dramatic growth of these attacks, malware detection has been brought up as an important topic in computer security. Since traditional signature-based techniques embedded in commercial anti-viruses have failed to detect new and obfuscated malware, machine learning algorithms have been used to detect behavior patterns of malware via features extracted from programs. In this paper, we propose two methods based on compression models as heuristic malware detection techniques. The main advantage of our approach is eliminating the feature extraction step, which is vital and expensive for machine-learning-based approaches. Also, this study focuses on solving the problem of the memory space requirement of these models by applying more compatible input data without changing the raw nature of the programs or the compression algorithm. To evaluate the effectiveness of the proposed methods, several experiments are conducted. The experimental results of both methods show promising improvement of accuracy to support the main idea.
Keywords :
data compression; feature extraction; invasive software; learning (artificial intelligence); PE header; compression algorithm; compression models; computer security; feature extraction; heuristic malware detection techniques; machine learning; memory space requirement; portable executable files; Biological system modeling; Classification algorithms; Context; Data models; Feature extraction; Malware; Training; classification; data compression; machine learning; malware detection;
Conference_Title :
Information and Knowledge Technology (IKT), 2013 5th Conference on
Conference_Location :
Shiraz
Print_ISBN :
978-1-4673-6489-8
DOI :
10.1109/IKT.2013.6620051