PEAL--Packed executable analysis

Authors:
Vijay Laxmi;Manoj Singh Gaur;Parvez Faruki;Smita Naval
Affiliations:
Department of Computer Engineering, Malaviya National Institute of Technology, Jaipur, India;Department of Computer Engineering, Malaviya National Institute of Technology, Jaipur, India;Department of Computer Engineering, Malaviya National Institute of Technology, Jaipur, India;Department of Computer Engineering, Malaviya National Institute of Technology, Jaipur, India
Venue:
ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security
Year:
2011

Citing 8
Cited 4

Using Entropy Analysis to Find Encrypted and Packed Malware

IEEE Security and Privacy
A Study of the Packer Problem and Its Solutions

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
PE File Header Analysis-Based Packed PE File Detection Technique (PHAD)

CSA '08 Proceedings of the International Symposium on Computer Science and its Applications
Feature set selection in data mining techniques for unknown virus detection: a comparison study

Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
A study of cross-validation and bootstrap for accuracy estimation and model selection

IJCAI'95 Proceedings of the 14th international joint conference on Artificial intelligence - Volume 2
PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime

RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
A heuristic approach for detection of obfuscated malware

ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Structural feature based anomaly detection for packed executable identification

CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems

Mining control flow graph as API call-grams to detect portable executable malware

Proceedings of the Fifth International Conference on Security of Information and Networks
ESCAPE: entropy score analysis of packed executable

Proceedings of the Fifth International Conference on Security of Information and Networks
Behavioural detection with API call-grams to identify malicious PE files

Proceedings of the First International Conference on Security of Internet of Things
AndroSimilar: robust statistical feature signature for Android malware detection

Proceedings of the 6th International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

The proliferation of packed malware has posed a serious threat to computers connected to Internet across the globe. Packers are popular tools used by malware authors to hide malicious payloads that bypass traditional signature antiviruses (AV). Packing being the easiest way to defeat signature based detection, unpacking of samples is important. As unpacking is a time consuming pro- cess, it reduces overall efficiency of AV scanner. Unpacking is a compulsory step in malware analysis, else it would increase the rate of false alarms and misses. In this paper we propose PEAL, a pre---processing phase to identify packed executables from a set of packed and native files. Our method reduces overall execution time of AV by filtering packed samples from non-packed. Experimental results show that the proposed method is capable of identifying packed and native executables with high accuracy.