Using Entropy Analysis to Find Encrypted and Packed Malware
IEEE Security and Privacy
A Study of the Packer Problem and Its Solutions
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
PE File Header Analysis-Based Packed PE File Detection Technique (PHAD)
CSA '08 Proceedings of the International Symposium on Computer Science and its Applications
Feature set selection in data mining techniques for unknown virus detection: a comparison study
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
A study of cross-validation and bootstrap for accuracy estimation and model selection
IJCAI'95 Proceedings of the 14th international joint conference on Artificial intelligence - Volume 2
PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
A heuristic approach for detection of obfuscated malware
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Structural feature based anomaly detection for packed executable identification
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Mining control flow graph as API call-grams to detect portable executable malware
Proceedings of the Fifth International Conference on Security of Information and Networks
ESCAPE: entropy score analysis of packed executable
Proceedings of the Fifth International Conference on Security of Information and Networks
Behavioural detection with API call-grams to identify malicious PE files
Proceedings of the First International Conference on Security of Internet of Things
AndroSimilar: robust statistical feature signature for Android malware detection
Proceedings of the 6th International Conference on Security of Information and Networks
Hi-index | 0.00 |
The proliferation of packed malware has posed a serious threat to computers connected to Internet across the globe. Packers are popular tools used by malware authors to hide malicious payloads that bypass traditional signature antiviruses (AV). Packing being the easiest way to defeat signature based detection, unpacking of samples is important. As unpacking is a time consuming pro- cess, it reduces overall efficiency of AV scanner. Unpacking is a compulsory step in malware analysis, else it would increase the rate of false alarms and misses. In this paper we propose PEAL, a pre---processing phase to identify packed executables from a set of packed and native files. Our method reduces overall execution time of AV by filtering packed samples from non-packed. Experimental results show that the proposed method is capable of identifying packed and native executables with high accuracy.