Static Malware Detection in Windows Executables Using Deep Neural Networks and Custom Binary Features

Rezaei, Sajjad; Fanian, Ali

doi:10.22042/isecure.2026.241272

Static Malware Detection in Windows Executables Using Deep Neural Networks and Custom Binary Features

Articles in Press

Document Type : Research Article

Authors

Sajjad Rezaei

Ali Fanian

Department of Computer Engineering, Isfahan University of Technology, Isfahan, Iran.

10.22042/isecure.2026.241272

Abstract

The extensive use of malware targeting Windows systems, particularly through Portable Executable (PE) files, has prompted significant research into malware detection. Although many approaches have been proposed, the increasing complexity and evasiveness of modern malware continue to present substantial challenges, underscoring the need for further advancements in detection strategies. This paper introduces a static malware detection framework based on deep learning and a set of carefully engineered binary features extracted directly from raw PE files. In contrast to conventional methods that rely on metadata or dynamic analysis, our approach performs detailed parsing of file headers, section layouts, entropy levels, import/export tables, and embedded resources to form a comprehensive feature set. A deep neural network is trained on these features, with its architecture and hyperparameters fine-tuned using Bayesian optimisation. The model is evaluated on a balanced dataset of benign and malicious PE files, achieving high accuracy (98.83%) and an F1-score of 98.95%. Fully automated and independent of dynamic execution or commercial tools, the proposed solution is well-suited for deployment in real-world applications such as antivirus systems and intrusion detection platforms.

Keywords

Binary Feature Extraction

Deep Neural Network

Malware Classification

Portable Executable Files

Static Analysis