{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T11:37:51Z","timestamp":1769945871758,"version":"3.49.0"},"reference-count":18,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2020,12,28]],"date-time":"2020-12-28T00:00:00Z","timestamp":1609113600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100005073","name":"Agency for Defense Development","doi-asserted-by":"publisher","award":["UD190016ED"],"award-info":[{"award-number":["UD190016ED"]}],"id":[{"id":"10.13039\/501100005073","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>The development of information and communication technology (ICT) is making daily life more convenient by allowing access to information at anytime and anywhere and by improving the efficiency of organizations. Unfortunately, malicious code is also proliferating and becoming increasingly complex and sophisticated. In fact, even novices can now easily create it using hacking tools, which is causing it to increase and spread exponentially. It has become difficult for humans to respond to such a surge. As a result, many studies have pursued methods to automatically analyze and classify malicious code. There are currently two methods for analyzing it: a dynamic analysis method that executes the program directly and confirms the execution result, and a static analysis method that analyzes the program without executing it. This paper proposes a static analysis automation technique for malicious code that uses machine learning. This classification system was designed by combining a method for classifying malicious code using a portable executable (PE) structure and a method for classifying it using a PE structure. The system has 98.77% accuracy when classifying normal and malicious files. The proposed system can be used to classify various types of malware from PE files to shell code.<\/jats:p>","DOI":"10.3390\/sym13010035","type":"journal-article","created":{"date-parts":[[2020,12,28]],"date-time":"2020-12-28T20:03:03Z","timestamp":1609185783000},"page":"35","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Automatic Malicious Code Classification System through Static Analysis Using Machine Learning"],"prefix":"10.3390","volume":"13","author":[{"given":"Sungjoong","family":"Kim","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, Sejong University, Seoul 05006, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Seongkyu","family":"Yeom","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Sejong University, Seoul 05006, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haengrok","family":"Oh","sequence":"additional","affiliation":[{"name":"Agency for Defense Development, Seoul 05661, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dongil","family":"Shin","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Sejong University, Seoul 05006, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2665-3339","authenticated-orcid":false,"given":"Dongkyoo","family":"Shin","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Sejong University, Seoul 05006, Korea"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2020,12,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Romero, J.A. (2018). Sustainable advantages of business value of information technology. Encyclopedia of Information Science and Technology, IGI Global. [4th ed.].","DOI":"10.4018\/978-1-5225-2255-3.ch079"},{"key":"ref_2","first-page":"45","article-title":"Research on text mining based malware analysis technology using string information","volume":"21","author":"Ha","year":"2020","journal-title":"J. Internet Comput. Serv."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"386","DOI":"10.1179\/isr.1986.11.4.386","article-title":"Vulnerable technologies: Accident, crime and terrorism","volume":"11","author":"Westrum","year":"1986","journal-title":"Interdiscip. Sci. Rev."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Upchurch, J., and Zhou, X. (2016, January 18\u201321). Malware provenance: Code reuse detection in malicious software at scale. Proceedings of the 2016 11th International Conference on Malicious and Unwanted Software (MALWARE), Fajardo, Puerto Rico.","DOI":"10.1109\/MALWARE.2016.7888735"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"116","DOI":"10.11627\/jkise.2017.40.3.116","article-title":"Evaluation criteria for suitable authentication method for IoT service provider in industry 4.0 environment","volume":"40","author":"Jeong","year":"2017","journal-title":"J. Soc. Korea Ind. Syst. Eng."},{"key":"ref_6","first-page":"44","article-title":"Malicious code trends and detection technologies","volume":"30","author":"Kang","year":"2012","journal-title":"Commun. Korean Inst. Inf. Sci. Eng."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Islam, R., Tian, R., Batten, L., and Versteeg, S. (2010, January 19\u201320). Classification of malware based on string and function feature selection. Proceedings of the 2010 Second Cybercrime and Trustworthy Computing Workshop, Ballarat, VIC, Australia.","DOI":"10.1109\/CTC.2010.11"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Nataraj, L., Yegneswaran, V., Porras, P., and Zhang, J. (2011, January 21). A comparative assessment of malware classification using binary texture analysis and dynamic analysis. Proceedings of the AISec, New York, NY, USA.","DOI":"10.1145\/2046684.2046689"},{"key":"ref_9","first-page":"2180","article-title":"DroidVecDeep: Android malware detection based on Word2Vec and deep belief network","volume":"13","author":"Chen","year":"2019","journal-title":"KSII Trans. Internet Inf. Syst."},{"key":"ref_10","first-page":"3756","article-title":"A cross-platform malware variant classification based on image representation","volume":"13","author":"Naeem","year":"2019","journal-title":"KSII Trans. Internet Inf. Syst."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"373","DOI":"10.9728\/dcs.2014.15.3.373","article-title":"A study on generic unpacking using entropy of opcode address","volume":"15","author":"Lee","year":"2014","journal-title":"J. Digit. Contents Soc."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Jeong, G., Choo, E., Lee, J., Bat-Erdene, M., and Lee, H. (2010, January 19\u201320). Generic unpacking using entropy analysis. Proceedings of the 2010 5th International Conference on Malicious and Unwanted Software, Nancy, Lorraine.","DOI":"10.1109\/MALWARE.2010.5665789"},{"key":"ref_13","first-page":"127","article-title":"A development of malware detection tool based on signature patterns","volume":"10","author":"Woo","year":"2005","journal-title":"J. Korea Soc. Comput. Inf."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"804","DOI":"10.1016\/j.procs.2015.02.149","article-title":"Intergrated static and dynamic analysis for malware detection","volume":"46","author":"Shijo","year":"2015","journal-title":"Procedia Comput. Sci."},{"key":"ref_15","unstructured":"VX Heaven (2018, November 09). Vx Heaven Virus Collection 2010-05-18. Available online: http:\/\/vxheaven.org\/."},{"key":"ref_16","unstructured":"(2020, December 28). Scikit-Learn. Available online: https:\/\/scikit-learn.org\/."},{"key":"ref_17","unstructured":"(2018, November 09). Microsoft Malware Classification Challenge (Big 2015). Available online: https:\/\/www.kaggle.com\/c\/malware-classification\/."},{"key":"ref_18","unstructured":"(2020, December 28). Tensorflow. Available online: https:\/\/tensorflow.org\/."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/1\/35\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T10:46:55Z","timestamp":1760179615000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/13\/1\/35"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,28]]},"references-count":18,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2021,1]]}},"alternative-id":["sym13010035"],"URL":"https:\/\/doi.org\/10.3390\/sym13010035","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,12,28]]}}}