Malware/Benign Pre-Filter Analysis based on PE and PDF - Using Artificial Intelligence and Machine Learning

Project Details

Description

In a society in which everyone enjoys the convenience of information and file exchange, security plays a critical role. Unfortunately, attacks carried out through the exchange of malicious files are common practice. To prevent such attacks, an intuitive solution is to build a detection mechanism that screens suspicious files. To this end, Zyxel Inc. has a “Prefilter” that is able to scan and identify suspicious files of 13 file types. However, this “Prefilter” is rule-based and built on features found in known malicious files. The pros of this system are that all the rules are explainable and easy to adjust. The cons are its steep maintenance cost and its failure to detect new types of attacks. The original purpose of the Prefilter is to reduce the number of detections required at the back-end service, which usually incurs a much higher cost. In this project, we will focus on the two types of files exchanged most frequently on the network: PDF and EXE files. By means of machine learning and deep learning techniques, we expect to implement a filter that is accurate, lightweight, and adaptive.
Status: Finished
Effective start/end date: 1/05/22 to 31/10/23

Keywords

  • malicious file detection
  • pre-filter analysis based on PE and PDF
