Computer Security Final Project

Topic 3: Intelligent Anti-Malware Software

Extract useful and meaningful features (WIN API calls, n-gram binaries, op instructions, etc.) from given PE files

Given a binary file, write a program to determine if it is a PE file: check if it begins with the magic word “MZ” followed by a DOS stub and has “PE” signature in the PE file header, check if the binary is 32- or 64- bit.
- Using a hex editor to check bitness of a PE file
- How to check if a binary is 32 or 64 bit on Windows
Given a PE file, write a program code to extract its features
- Import Address Table Hooking Tutorial

Develop an ML algorithm to train model based on selected feature set(s). Then test it on the testing set
Implement a GUI tool for users to scan uploaded PE files. Program should conduct the predictions in the backend and display detection results (benign vs. malicious)

Working code with GUI
Report containing feature detection method, training/detection alg, and experimental results
In class demo that shows detection of any executables in a format of PE

Name		Name	Last commit message	Last commit date
Latest commit History 30 Commits
data		data
models		models
presentation		presentation
.gitignore		.gitignore
README.md		README.md
Screen.py		Screen.py
analyze.py		analyze.py
analyze_training_data.py		analyze_training_data.py
feature_importance.py		feature_importance.py
get-pip.py		get-pip.py
peExctFuncs.py		peExctFuncs.py
peExtract.py		peExtract.py
plot_call_frequencies.py		plot_call_frequencies.py
pre_process.py		pre_process.py
requirements.txt		requirements.txt
results.txt		results.txt
run_model.py		run_model.py
train.py		train.py
train2.py		train2.py
vocab.py		vocab.py