2014
DOI: 10.14569/ijacsa.2014.050102

Generic Packing Detection Using Several Complexity Analysis for Accurate Malware Detection

Abstract: Attackers do not want their malicious software (malware) to be revealed by anti-virus analyzers. To conceal their malware, malware programmers use anti-reverse-engineering and code-transformation techniques such as packing, encoding and encryption. Malware writers have learned that signature-based detectors can be easily evaded by "packing" the malicious payload in layers of compression or encryption. State-of-the-art malware detectors have adopte…

Cited by 9 publications (4 citation statements)
References 9 publications

Citation statements
“…The Unpacking Section is then set to be the initial point of entry once the file is executed. Upon execution, the packed section is decompressed to become the Unpacked Section (Figure 7(c)) and is executed in virtual memory [81]. One of the more devious uses of packers in malware analysis is that the original PE header is hidden, as the visible import functions are those utilized by the packer itself.…”
Section: Compression (mentioning, confidence 99%)
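The citation statement above describes the packer layout that complexity-based detection (the approach in the paper's abstract) keys on: the entry point is redirected into a stub section, the stub inflates a compressed or encrypted payload into a section that is empty on disk, and the import table that remains visible belongs to the packer. The following Python is an added example written for this page, not the paper's implementation: it parses the PE section table with a minimal hand-written parser, computes per-section Shannon entropy, and combines that with where the entry point lands and which sections exist only in virtual memory. The constructed "packed" and "clean" PE images, the `KNOWN_PACKER_SECTIONS` list and the 7.0 bits/byte threshold are assumptions for illustration; the import-table check the quoted text alludes to (a tiny import list, typically just `LoadLibrary`/`GetProcAddress`) is left out to keep the parser small.

```python
"""Heuristic packing check on a PE image: per-section Shannon entropy, where the
entry point lands, and sections that are empty on disk but large in memory.
Illustrative code for this page, not the paper's implementation."""
import math
import random
import struct
from collections import Counter

# Section names used by common packers (assumed list for illustration).
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata",
                         ".petite", ".MPRESS1", ".MPRESS2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in [0, 8]; compressed or encrypted payloads sit close to 8."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Return (entry_point_rva, sections) from a PE32/PE32+ image (minimal parser)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                          # optional header start
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i                        # 40-byte section headers
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize,
                         "data": pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""})
    return entry_rva, sections


def packing_indicators(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Collect packing heuristics; 'likely_packed' needs at least two of them."""
    entry_rva, sections = parse_sections(pe)
    entry_section = next((s["name"] for s in sections
                          if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], len(s["data"]))),
                         None)
    high_entropy = [s["name"] for s in sections if shannon_entropy(s["data"]) >= entropy_threshold]
    # Empty on disk but large in memory: the destination the stub unpacks into.
    empty_on_disk = [s["name"] for s in sections if not s["data"] and s["vsize"] >= 0x1000]
    packer_named = [s["name"] for s in sections if s["name"] in KNOWN_PACKER_SECTIONS]
    reasons = []
    if entry_section in high_entropy:
        reasons.append(f"entry point in high-entropy section {entry_section}")
    if sections and entry_section and entry_section != sections[0]["name"]:
        reasons.append(f"entry point in non-first section {entry_section}")
    if empty_on_disk:
        reasons.append(f"sections with no raw data but large virtual size: {empty_on_disk}")
    if packer_named:
        reasons.append(f"known packer section names: {packer_named}")
    return {"entry_section": entry_section, "high_entropy": high_entropy,
            "empty_on_disk": empty_on_disk, "reasons": reasons,
            "likely_packed": len(reasons) >= 2}


def build_pe(sections, entry_index: int) -> bytes:
    """Constructed minimal PE32 (only the fields the parser above reads are meaningful).
    sections: list of (name, raw_data, virtual_size or None)."""
    FILE_ALIGN, SECT_ALIGN, HDR_SIZE, OPT_SIZE = 0x200, 0x1000, 0x200, 224
    layout, raw_ptr, vaddr = [], HDR_SIZE, SECT_ALIGN
    for name, data, vsize in sections:
        raw_size = -(-len(data) // FILE_ALIGN) * FILE_ALIGN
        vsize = len(data) if vsize is None else vsize
        layout.append((name, data, vsize, vaddr, raw_size, raw_ptr if raw_size else 0))
        raw_ptr += raw_size
        vaddr += -(-max(vsize, raw_size) // SECT_ALIGN) * SECT_ALIGN
    entry_rva = layout[entry_index][3] + 0x10
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, OPT_SIZE, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva, 0, 0).ljust(OPT_SIZE, b"\0")
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, va, rs, rp,
                                0, 0, 0, 0, 0x60000020) for n, _, vs, va, rs, rp in layout)
    header = (dos + b"PE\0\0" + coff + opt + hdrs).ljust(HDR_SIZE, b"\0")
    body = b"".join(d.ljust(rs, b"\0") for _, d, _, _, rs, _ in layout if rs)
    return header + body


# Constructed samples: a UPX-style layout (empty UPX0, random-looking UPX1 holding the
# stub and compressed payload, entry point inside UPX1) versus a plain binary.
_rng = random.Random(7)
PACKED_SAMPLE = build_pe([("UPX0", b"", 0x10000),
                          ("UPX1", bytes(_rng.getrandbits(8) for _ in range(4096)), None)], 1)
CLEAN_SAMPLE = build_pe([(".text", b"\x55\x8b\xec\x83\xec\x10" * 512, None),
                         (".data", b"hello\0" * 256, None)], 0)

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, packing_indicators(sample))
```

Requiring two independent indicators rather than entropy alone keeps legitimate binaries with a high-entropy `.rsrc` (embedded images, signed blobs) from tripping the check; the same logic applies unchanged to a real file read from disk, since the parser follows the standard DOS header, COFF header and section-table layout.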
“…Many machine learning models and deep learning models use features with different combinations derived from static analysis [12]. However, malware authors use methods such as obfuscation [13] and encryption of various types to evade feature extraction methods. The obfuscation and encryption methods are many and may be categorized into standard and non-standard (private).…”
Section: A. Static Analysis (mentioning, confidence 99%)
“…Symantec Research Laboratories (Osaghae et al. [8], Al-Anezi et al. [19], Santos et al. [20] and McAfee [21]), over 80% of malware appears to be produced using a packer to circumvent anti-malware systems; furthermore, more than 50% of new malware are re-packed versions of existing malware [19,20,22]. If the packed malware [23,24] is re-packed or multi-layer packed, detection of its infection through signature matching is impossible [2,25–32].…”
Section: Multi-layer Packing (mentioning, confidence 99%)