A Mathematical Theory of Communication
A Mathematical Theory of Communication
Coding and Information Theory
Using Entropy Analysis to Find Encrypted and Packed Malware
IEEE Security and Privacy
Ether: malware analysis via hardware virtualization extensions
Proceedings of the 15th ACM conference on Computer and communications security
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Structural feature based anomaly detection for packed executable identification
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
PEAL--Packed executable analysis
ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security
| Hi-index | 0.00 |
Malware developers hide the malicious payload of malware binary by employing various obfuscation techniques. One such technique commonly applied is packing. Packer transforms the original bytes so it is difficult to recognize the behaviour of any executable. Although the contents of a file is changed, some byte patterns may be preserved across different packed executables. Malware detectors need to apply unpacking mechanism prior to any detection or analysis to every sample under consideration. In this paper, we have proposed a method that discriminate packed binaries from the native files to minimize the processing time of AV scanners. We have used the blockwise entropy score of byte features of the executable. Experimental results show that the proposed method is capable of identifying packed and native executable which are packed using different malware packers.