Packing is currently the most popular obfuscation technique used by malware writers. Traditional signature-based anti-virus software played a major role in malware detection until packed malware became widespread. To evade detection, a malware writer relies on packer software, which transforms the binary appearance of a program without affecting its execution semantics. The biggest challenge for malware detection techniques today is therefore to determine whether a given binary is packed or not. In this paper, we apply pattern recognition techniques to the detection of packed malware binaries. The objective of our approach is to extract the best set of features from Windows Portable Executable files and pass them to our classification model. The classification model works in two phases: the first phase separates packed from non-packed executables, and once an executable is classified as packed, the second phase decides whether it is a packed benign or a packed malicious executable. We worked with the UPX packer for this approach and achieved more than 99.9% accuracy in the first phase of classification and more than 95% accuracy in the second phase.