A Toolkit for Detecting and Analyzing Malicious Software

  • Authors: Michael Weber; Matthew Schmid; Michael Schatz; David Geyer
  • Venue: ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
  • Year: 2002

Abstract

In this paper we present PEAT: The Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan horse program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT's practical effectiveness.
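The homogeneity premise in the abstract can be turned into concrete checks over a PE file's section table. The following Python is an added illustration written for this page; it is not PEAT's code and does not reproduce the paper's feature set. It assumes only the PE32 header layout from the PE/COFF specification (parsed here with `struct`, no third-party library) and uses three illustrative heuristics: a section that is both writable and executable, an entry point that does not sit in the first executable section, and executable sections whose byte entropy differs sharply from one another. The two sample images and the section name `.inject` are constructed inside the block.

```python
import math
import struct
from collections import Counter

# Section Characteristics flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000


def shannon_entropy(data):
    """Bits per byte of a byte string (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image):
    """Minimal PE32 parser: returns (AddressOfEntryPoint, list of section dicts)."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", image, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                          # 40-byte section headers
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, off)
        flags = struct.unpack_from("<I", image, off + 36)[0]   # Characteristics
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"),
                         "vsize": vsize, "vaddr": vaddr, "rsize": rsize, "rptr": rptr,
                         "flags": flags, "data": image[rptr:rptr + rsize]})
    return entry_rva, sections


def structural_anomalies(image, entropy_spread=2.0):
    """Illustrative homogeneity checks; an untampered build is expected to yield []."""
    entry_rva, sections = parse_pe(image)
    findings = []
    for s in sections:
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{s['name']}: section is both writable and executable")
        if s["rptr"] + s["rsize"] > len(image):
            findings.append(f"{s['name']}: raw data extends past end of file")
    # A normal build places the entry point in its first executable section.
    holder = [s for s in sections
              if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rsize"])]
    first_exec = next((s for s in sections if s["flags"] & IMAGE_SCN_MEM_EXECUTE), None)
    if not holder:
        findings.append("entry point lies outside every section")
    elif not holder[0]["flags"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point in non-executable section {holder[0]['name']}")
    elif holder[0] is not first_exec:
        findings.append(f"entry point in {holder[0]['name']}, "
                        f"not the first executable section {first_exec['name']}")
    # Executable sections produced by one compiler pass should have similar entropy.
    code = [s for s in sections if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["data"]]
    if len(code) >= 2:
        ents = {s["name"]: shannon_entropy(s["data"]) for s in code}
        if max(ents.values()) - min(ents.values()) > entropy_spread:
            detail = ", ".join(f"{k}={v:.2f}" for k, v in ents.items())
            findings.append(f"executable sections are not homogeneous in entropy: {detail}")
    return findings


def build_image(sections, entry_rva, file_align=0x200):
    """Assemble a tiny PE32 file from (name, vaddr, flags, payload) tuples (constructed test data)."""
    opt_size = 0xE0                                            # PE32 optional header size
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    hdr_size = -(-hdr_len // file_align) * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    table, body, rptr = bytearray(), bytearray(), hdr_size
    for name, vaddr, flags, payload in sections:
        rsize = -(-len(payload) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload),
                             vaddr, rsize, rptr, 0, 0, 0, 0, flags)
        body += payload.ljust(rsize, b"\0")
        rptr += rsize
    return bytes((dos + b"PE\0\0" + coff + opt + table).ljust(hdr_size, b"\0") + body)


# Constructed sample content: compiler-like code (entropy 4.0 bits/byte) versus an
# appended, packed-looking blob in which every byte value occurs twice (8.0 bits/byte).
COMPILED_TEXT = bytes(range(16)) * 32
INJECTED_BLOB = bytes((i * 73 + 41) % 256 for i in range(512))
TEXT = (b".text", 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, COMPILED_TEXT)
DATA = (b".data", 0x2000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, bytes(512))
INJECT = (b".inject", 0x3000, TEXT[2] | IMAGE_SCN_MEM_WRITE, INJECTED_BLOB)
CLEAN_IMAGE = build_image([TEXT, DATA], entry_rva=0x1010)
TAMPERED_IMAGE = build_image([TEXT, DATA, INJECT], entry_rva=0x3000)

if __name__ == "__main__":
    for label, img in (("clean", CLEAN_IMAGE), ("tampered", TAMPERED_IMAGE)):
        print(label, structural_anomalies(img) or "no anomalies")
```

Run as a script, the clean image reports no anomalies while the tampered one reports the writable-and-executable section, the relocated entry point, and the entropy gap between `.text` and `.inject`. The thresholds and heuristics are deliberately simple; a real analyst tool such as PEAT would combine many more structural features and calibrate them against a corpus of known-clean compiler output.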