@article{ART002707533},
author={Cho Daehee and SEONG JE CHO},
title={An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings},
journal={Journal of Software Assessment and Valuation},
issn={2092-8114},
year={2016},
volume={12},
number={1},
pages={27-36}
TY - JOUR
AU - Cho Daehee
AU - SEONG JE CHO
TI - An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings
JO - Journal of Software Assessment and Valuation
PY - 2016
VL - 12
IS - 1
PB - Korea Software Assessment and Valuation Society
SP - 27
EP - 36
SN - 2092-8114
AB - In order to filter and block illegal software efficiently, software classification is employed. In this paper, we propose a new software classification scheme that effectively categorizes Microsoft Windows executable files using frequency information of strings. The proposed scheme first extracts strings from the .text, .data, .rdata, and .rsrc sections of each Windows executable, and then computes and maintains a score table of the strings by combining Local Document Frequency (LDF), Inverse Document Frequency (IDF), and Inverse Category Frequency (ICF). If a suspicious program (Windows executable) got useful string information, we calculate scores of the strings in the suspicious program based on the score table of strings of each category, sums up the scores, and obtains a total score per each category. Finally, we classify the suspicious program into a specific category which represents the highest total score. For verifying the effectiveness of the proposed scheme, we perform experiments with nine categories and 55 programs each category. The experimental results show that about 75% of the 495 executables are correctly classified.
KW - Software classification;Windows executable;String frequency;Software filtering
DO -
UR -
ER -
Cho Daehee and SEONG JE CHO. (2016). An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings. Journal of Software Assessment and Valuation, 12(1), 27-36.
Cho Daehee and SEONG JE CHO. 2016, "An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings", Journal of Software Assessment and Valuation, vol.12, no.1 pp.27-36.
Cho Daehee, SEONG JE CHO "An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings" Journal of Software Assessment and Valuation 12.1 pp.27-36 (2016) : 27.
Cho Daehee, SEONG JE CHO. An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings. 2016; 12(1), 27-36.
Cho Daehee and SEONG JE CHO. "An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings" Journal of Software Assessment and Valuation 12, no.1 (2016) : 27-36.
Cho Daehee; SEONG JE CHO. An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings. Journal of Software Assessment and Valuation, 12(1), 27-36.
Cho Daehee; SEONG JE CHO. An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings. Journal of Software Assessment and Valuation. 2016; 12(1) 27-36.
Cho Daehee, SEONG JE CHO. An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings. 2016; 12(1), 27-36.
Cho Daehee and SEONG JE CHO. "An Effective Classification Scheme for Microsoft Windows Executables using Frequency Information of Strings" Journal of Software Assessment and Valuation 12, no.1 (2016) : 27-36.
