Malwise—An Effective and Efficient Classification System for Packed and Polymorphic Malware

Cesare, Silvio; Xiang, Yang; Zhou, Wanlei

doi:10.1109/tc.2012.65

Cited by 80 publications

(31 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Symantec Research Laboratories (Osaghae et al [8], Al-Anezi et al [19], Santos et al [20] and McAfee [21]), over 80% of malware appears to be produced using a packer to circumvent anti-malware systems; furthermore, more than 50% of new malware are re-packed versions of existing malware [19,20,22]. If the packed malware [23,24] is re-packed or multi-layer packed a detection of its infection through signature matching is impossible [2,[25][26][27][28][29][30][31][32].…”

Section: Multi-layer Packingmentioning

confidence: 99%

Packer Detection for Multi-Layer Executables Using Entropy Analysis

Bat-Erdene

Kim

Park

et al. 2017

Entropy

View full text Add to dashboard Cite

Packing algorithms are broadly used to avoid anti-malware systems, and the proportion of packed malware has been growing rapidly. However, just a few studies have been conducted on detection various types of packing algorithms in a systemic way. Following this understanding, we elaborate a method to classify packing algorithms of a given executable into three categories: single-layer packing, re-packing, or multi-layer packing. We convert entropy values of the executable file loaded into memory into symbolic representations, for which we used SAX (Symbolic Aggregate Approximation). Based on experiments of 2196 programs and 19 packing algorithms, we identify that precision (97.7%), accuracy (97.5%), and recall ( 96.8%) of our method are respectively high to confirm that entropy analysis is applicable in identifying packing algorithms.

show abstract

Section: Multi-layer Packingmentioning

confidence: 99%

Packer Detection for Multi-Layer Executables Using Entropy Analysis

Bat-Erdene

Kim

Park

et al. 2017

Entropy

View full text Add to dashboard Cite

show abstract

“…The prominent techniques tailored to extract dynamic features are n-gram analysis [16], non-transient state changes [5], taint analysis [6,30], system call trace analysis [18,7,9], and API calls [27,8]. Dynamic approaches can further be categorized into fine-grained (e.g., [6,30,15]) and coarse-grained (e.g., [9]) behavior modeling approaches.…”

Section: Related Workmentioning

confidence: 99%

A Scalable Malware Classification Based on Integrated Static and Dynamic Features

Bounouh

Brahimi

Al-Nemrat³

et al. 2016

Global Security, Safety and Sustainability - The Security Challenges of the Connected World

View full text Add to dashboard Cite

Abstract. This paper presents a malware classification approach which aims to improve precision and support scalability. To this end, an hybrid approach combining both static and dynamic features is adopted. The hybrid approach has the advantage of being a complete and robust solution to evasion techniques used by malware writers. The proposed methodology allowed achieving a very promising accuracy of 99.41% in classifying malware into families while considerably reducing the feature space compared to competing approaches in the literature.

show abstract

“…Targeted vulnerability in the LNK process and will make use of WebDAV to run the exploit [8][9] using Metasploit framework to exploit the vulnerability [8] [9]. Metasploit framework is an open source tool which is being used extensively as the most popular tool of choice for the security experts and researchers across the security community.…”

Section: ) Browser Based Exploitationmentioning

confidence: 99%

“…Our target executable is putty.exe which is completely harmless software, which we have used for our demonstration purpose. Our objective here is to show how exploit codes specially crafted according to any particular vulnerability [9] specific to any application can be deployed by malware writers and what are the difficulties & challenges faced at different level of this multi-staged attack. These kind of applications are targeted by the malware writers in a multi-staged attack where the malware server hosts the exploit-kit containing the exploits for the specific target based on the type of application to be targeted and lure the victim to download or click on a link or an embedded image as shown in our experimentation.…”

Section: Analysis Of Malware Propagation Model Parametersmentioning

confidence: 99%

See 1 more Smart Citation

Pervasive Malware Propagation Mechanism and Mitigation Techniques

Kumar¹,

Kulkarni²

2015

IJCA

View full text Add to dashboard Cite

Malwares i.e. malicious code/softwares poses prevalent threat to businesses and network across distributed systems. Like it is said in order to catch criminals, we have to think like a criminal, likewise in order to catch cyber criminals/terrorists, we have to think like a cyber-criminal. Malware campaigns have been the driving engines for cyber-warfare being used by cyber criminals & black hat hackers to target organizations, various governments, and financial institutions for leverage & selfish profits, since early decade. In the recent trends of past years, the sophistication of malware campaigns have grown more complex to perform targeted successful attacks and bypass the prevailing & evolving defense mechanisms out there. Our approach is motivated by the factor that malwares breed on the vulnerability of the software applications running across the web. Idea behind pervasive malware propagation mechanism is to provide insight towards various exploitable scenarios based on vulnerabilities and software coding flaws in the software system, its architecture and over the network. Understanding the control flow structure of malware propagation into the system & over the network provides greater insight into how vulnerabilities are being exploited , how target surface identification is being carried out by the attackers, how exactly the exploits are being delivered using the payloads & what mechanism is being used to maintain the access to the exploited victim over the network. Eventually some suggestions as precautionary mitigation mechanisms to stop the malware propagation.

show abstract

Malwise—An Effective and Efficient Classification System for Packed and Polymorphic Malware

Cited by 80 publications

References 23 publications

Packer Detection for Multi-Layer Executables Using Entropy Analysis

Packer Detection for Multi-Layer Executables Using Entropy Analysis

A Scalable Malware Classification Based on Integrated Static and Dynamic Features

Pervasive Malware Propagation Mechanism and Mitigation Techniques

Contact Info

Product

Resources

About