Detecting packed executables using steganalysis

Burgess, Colin J.; Kurugöllü, Fatih; Sezer, Sakir; McLaughlin, Kieran

doi:10.1109/euvip.2014.7018361

Cited by 7 publications

(3 citation statements)

References 13 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Steganalysis, the study of detecting hidden communication inside digital data, was proposed as a means of packer detection by Brugess et al in [13]. Their method converts the executable to a gray-scale image, from which features are then extracted to train a support vector machine.…”

Section: Related Workmentioning

confidence: 99%

Detection of Metamorphic Malware Packers Using Multilayered LSTM Networks

Bergenholtz

Casalicchio

Ilie

et al. 2020

Information and Communications Security

View full text Add to dashboard Cite

Malware authors do their best to conceal their malicious software to increase its probability of spreading and to slow down analysis. One method used to conceal malware is packing, in which the original malware is completely hidden through compression or encryption, only to be reconstructed at run-time. In addition, packers can be metamorphic, meaning that the output of the packer will never be exactly the same, even if the same file is packed again. As the use of known off-the-shelf malware packers is declining, it is becoming increasingly more important to implement methods of detecting packed executables without having any known samples of a given packer. In this study, we evaluate the use of recurrent neural networks as a means to classify whether or not a file is packed by a metamorphic packer. We show that even with quite simple networks, it is possible to correctly distinguish packed executables from non-packed executables with an accuracy of up to 89.36% when trained on a single packer, even for samples packed by previously unseen packers. Training the network on more packer raises this number to up to 99.69%.

show abstract

Section: Related Workmentioning

confidence: 99%

Detection of Metamorphic Malware Packers Using Multilayered LSTM Networks

Bergenholtz

Casalicchio

Ilie

et al. 2020

Information and Communications Security

View full text Add to dashboard Cite

show abstract

“…Computer vision techniques and SVMs were used in [18] for malware detection achieving an accuracy of 95% on a dataset with 37K samples. A combination of ML, visualization and steganalysis was proposed in [1] to detect packed malware; both SVMs and a variation of the k-nearest neighbour (KNN) were used, with the later achieving a classification accuracy of 99.5%. A similarity detection framework with 1.2M samples was used in [19] for malware classification; an accuracy of 99% was achieved (for about half of the samples), but the use of similarity considerably lowers the probability of detecting unknown malware with dissimilar structure.…”

Section: Related Workmentioning

confidence: 99%

A Novel Malware Detection System Based On Machine Learning and Binary Visualization

Baptista¹,

Shiaeles²,

Kolokotronis³

2019

Preprint

View full text Add to dashboard Cite

The continued evolution and diversity of malware constitutes a major threat in modern systems. It is well proven that security defenses currently available are ineffective to mitigate the skills and imagination of cyber-criminals necessitating the development of novel solutions. Deep learning algorithms and artificial intelligence (AI) are rapidly evolving with remarkable results in many application areas. Following the advances of AI and recognizing the need for efficient malware detection methods, this paper presents a new approach for malware detection based on binary visualization and self-organizing incremental neural networks. The proposed method's performance in detecting malicious payloads in various file types was investigated and the experimental results showed that a detection accuracy of 91.7% and 94.1% was achieved for ransomware in .pdf and .doc files respectively. With respect to other formats of malicious code and other file types, including binaries, the proposed method behaved well with an incremental detection rate that allows efficiently detecting unknown malware at real-time.

show abstract

“…The steganalysts are usually something of forensic statisticians, and must start by reducing the suspect set of data files to the subset most likely to have been altered [2]. In addition to the forensics and homeland security use [3], the steganalysis strategies are also beneficial in civilian applications by detecting all kinds of malware meant to harm the computers [4].…”

Section: Introductionmentioning

confidence: 99%