[HCOfficial] MalDet: An Anomaly-Statistics Based PE Malware Detector
RE: [HCOfficial] MalDet: An Anomaly-Statistics Based PE Malware Detector #14
(08-15-2014, 08:54 PM)Deque Wrote: I can explain the details to you; however, I am not sure if my approach is scientifically correct. I had a discussion with a professor in this field, who told me he would try to help me, but I didn't get any info so far. It seems that this isn't as easy as I thought it would be. I have made assumptions, e.g. the independence of probabilities that certain anomalies occur, which are probably not correct.

So, basically, I created something that is good enough to work in practice, but the scientific explanation is not yet sufficient.
It is part of my master's thesis and I would like you to wait until December for more details.

Thanks for the answer, I'm looking forward to reading your thesis once you're done.

If I can give you my 2 cents, you said you made an assumption regarding the independence of probabilities that certain anomalies occur. This assumption is correct for a Naive Bayes classifier (which is not a Bayesian method) but is still very similar to Bayes' Theorem. Considering the anomalies independent is correct in my opinion.

So far, the scientific approach is correct, everything you did makes perfect sense. Of course, it must have been a pain assigning probabilities to each anomaly (and this is why I was asking about machine learning, as it would have made things easier), but once you have those probabilities and you can recognize them among PE files then it's all about calculations.

I'm confident that you can make it on your own, I have no doubt about that. Anyway, recently I did similar work on Machine Learning techniques for malware detection on Android devices, so if I can be of any help don't hesitate to write me!
Everything is relative
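
Added example (not part of the original post and not MalDet's code): the Naive Bayes calculation discussed above, with the per-anomaly probabilities estimated from labelled samples instead of assigned by hand. The anomaly names and the training samples are constructed for illustration and are assumptions, not MalDet's anomaly list.

```python
import math
from collections import Counter

# Constructed training data: (anomalies found in one PE file, label).
# Anomaly names are hypothetical placeholders.
TRAIN = [
    ({"ep_in_last_section", "writable_code_section"}, "malware"),
    ({"ep_in_last_section", "zero_timestamp"}, "malware"),
    ({"writable_code_section"}, "malware"),
    ({"ep_in_last_section", "writable_code_section", "zero_timestamp"}, "malware"),
    ({"zero_timestamp"}, "clean"),
    (set(), "clean"),
    (set(), "clean"),
    ({"writable_code_section"}, "clean"),
]

def train(samples):
    """Estimate priors and P(anomaly | class) with add-one smoothing."""
    totals = Counter(label for _, label in samples)
    counts = {label: Counter() for label in totals}
    vocab = set()
    for anomalies, label in samples:
        counts[label].update(anomalies)
        vocab |= anomalies
    # +1 / +2 keeps every probability strictly between 0 and 1, so an
    # anomaly never seen in one class cannot zero out the whole product.
    probs = {
        label: {a: (counts[label][a] + 1) / (totals[label] + 2) for a in vocab}
        for label in totals
    }
    priors = {label: n / len(samples) for label, n in totals.items()}
    return priors, probs

def log_odds(found, priors, probs):
    """log[P(malware | file) / P(clean | file)], anomalies treated as independent.
    Absent anomalies contribute too, through (1 - p). Names outside the
    training vocabulary are ignored."""
    score = math.log(priors["malware"] / priors["clean"])
    for a, pm in probs["malware"].items():
        pc = probs["clean"][a]
        if a in found:
            score += math.log(pm / pc)
        else:
            score += math.log((1 - pm) / (1 - pc))
    return score

def classify(found, priors, probs, threshold=0.0):
    """Label a file from its anomaly set; raise threshold to cut false positives."""
    return "malware" if log_odds(found, priors, probs) > threshold else "clean"
```

Each anomaly adds its own term to the score even when it always appears together with another one, which is where the independence assumption affects the result.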

