Abstract

Malware controls computer systems by infecting system files. It takes advantage of system compatibilities to ensure its survival from one version to another. The structure of Windows portable executable (PE) files across available versions of the Windows operating system (OS) makes these files an easy target for malware. Fields and code of clean PE files are modified and changed after infection. Checking both changes and modifications is necessary to detect malware with a minimum false alarm rate. This paper reviews models proposed to detect PE malware. It discusses the PE structure and identifies the fields and locations that are vulnerable to malware. It also explains the use of the human immune system and co-stimulation signals as a way to build a biological model for improving the ability of PE malware detection systems.

  • Publication date: 2010-11-18
  • Affiliation: National Defense University of the Chinese People's Liberation Army