Detection of packed malware

  • Authors: Dhruwajita Devi; Sukumar Nandi
  • Affiliations: Indian Institute of Technology Guwahati, Guwahati, Assam, India (both authors)
  • Venue: Proceedings of the First International Conference on Security of Internet of Things
  • Year: 2012


Abstract

Packing is currently the most popular obfuscation technique used by the malware-writing community. Traditional signature-based anti-virus software played a major role in malware detection until packed malware became the norm. To evade detection, a malware author relies on packer software, which transforms the binary appearance of a program without affecting its execution semantics. The biggest challenge for malware detection techniques today is therefore to figure out whether a given binary is packed or not. In this paper, we apply pattern recognition techniques to the detection of packed malware binaries. The objective of our approach is to extract the best set of features from Windows Portable Executable files and pass them to our classification model. The classification model works in two phases: in the first phase it separates packed from non-packed executables. Once an executable is classified as packed, the second phase decides whether it is a packed benign or a packed malicious executable. We worked with the UPX packer for this approach and achieved more than 99.9% accuracy in the first phase of classification, and more than 95% accuracy in the second phase.
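The abstract describes the first phase only at a high level: pull structural features out of the PE file and hand them to a classifier that separates packed from non-packed binaries. The following added example, which is not the authors' code and does not reproduce their feature set or trained model, shows what such a PE feature extractor looks like in practice. It parses the COFF and section headers directly with `struct`, computes per-section Shannon entropy, and derives the kind of indicators a packer such as UPX leaves behind (a section with virtual size but no raw data, writable-and-executable sections, `UPX*` section names, an entry point outside the first section). The `looks_packed` rule is a hand-set scoring heuristic standing in for the paper's trained classifier, and the two PE images are constructed in memory by `build_pe32` so the script runs offline without real samples.

```python
import math
import random
import struct
from collections import Counter

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(pe: bytes) -> dict:
    """Minimal PE32 parser: returns the entry-point RVA and one record per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]      # COFF SizeOfOptionalHeader
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]      # AddressOfEntryPoint
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i                          # 40-byte IMAGE_SECTION_HEADER
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": raw_size, "characteristics": chars,
                         "entropy": shannon_entropy(raw)})
    return {"entry_rva": entry_rva, "sections": sections}


def extract_features(pe: bytes) -> dict:
    """Phase-one feature vector (an illustrative set, not the paper's)."""
    info = parse_pe(pe)
    secs, entry = info["sections"], info["entry_rva"]

    def holds_entry(s):
        span = max(s["virtual_size"], s["raw_size"])
        return s["virtual_address"] <= entry < s["virtual_address"] + span

    return {
        "n_sections": len(secs),
        "n_high_entropy": sum(s["entropy"] > 7.0 for s in secs),
        "n_empty_raw": sum(s["raw_size"] == 0 and s["virtual_size"] > 0 for s in secs),
        "n_wx": sum(bool(s["characteristics"] & IMAGE_SCN_MEM_EXECUTE
                         and s["characteristics"] & IMAGE_SCN_MEM_WRITE) for s in secs),
        "upx_names": any(s["name"].startswith("UPX") for s in secs),
        "entry_in_first_section": bool(secs) and holds_entry(secs[0]),
    }


def looks_packed(pe: bytes) -> bool:
    """Hand-set scoring rule standing in for a trained classifier: two or more indicators."""
    f = extract_features(pe)
    score = ((f["n_high_entropy"] > 0) + (f["n_empty_raw"] > 0) + (f["n_wx"] > 0)
             + f["upx_names"] + (not f["entry_in_first_section"]))
    return score >= 2


def _align(x: int, a: int) -> int:
    return (x + a - 1) // a * a


def build_pe32(sections, entry_section: int) -> bytes:
    """Constructed minimal PE32 image; sections = [(name, virtual_size, raw_bytes, characteristics)]."""
    opt_size = 224                                             # PE32 optional header size
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr, vaddr, headers, body, entry_rva = _align(hdr_len, 0x200), 0x1000, b"", b"", 0
    for idx, (name, vsize, raw, chars) in enumerate(sections):
        if idx == entry_section:
            entry_rva = vaddr + 0x10                           # entry a few bytes into the section
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw),
                               raw_ptr if raw else 0, 0, 0, 0, 0, chars)
        body += raw
        raw_ptr += len(raw)
        vaddr += _align(max(vsize, len(raw)), 0x1000)
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size); struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers
    return image.ljust(_align(hdr_len, 0x200), b"\0") + body


# Constructed samples (not real binaries): a UPX-style layout and a plain compiled-looking layout.
_rng = random.Random(1)
PACKED_SAMPLE = build_pe32([
    (b"UPX0", 0x8000, b"", IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
                            | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b"UPX1", 0x3000, bytes(_rng.getrandbits(8) for _ in range(0x2000)),
     IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rsrc", 0x1000, b"\0" * 0x200, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
], entry_section=1)
CLEAN_SAMPLE = build_pe32([
    (b".text", 0x1000, b"\x55\x8b\xec\x90" * 0x200, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x1000, b"\0" * 0x200, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
], entry_section=0)

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, extract_features(sample), "->", looks_packed(sample))
```

In a real pipeline the feature dictionaries, not the score, would be what is fed to the learned phase-one classifier, with entropy thresholds and section-name tests treated as features rather than hard rules, since packers other than UPX use different section names and some compressed-resource sections in unpacked binaries also have high entropy.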