Generic unpacking techniques

Babar, Komal; Khalid, Faiza

doi:10.1109/ic4.2009.4909168

Cited by 12 publications

(7 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Packing compresses and/or encrypts the program code in such way, that actual code stays hidden till runtime (when the executable is unpacked) making it immune to static analysis [7]. Packed program contains additional code, which dynamically unpacks or generates original program code in memory and then transfer control to it.…”

Section: Additional Protection Methods For Dongle-based Protectionmentioning

confidence: 99%

“…Since every packer has its associated unpacker to undo packing, a successful generic unpacker is difficult to come by [7]. Packing is considered as one of the best protection against reverse engineering, because it can combine other protection methods mentioned above: antidebugging, code obfuscation, etc.…”

Section: Additional Protection Methods For Dongle-based Protectionmentioning

confidence: 99%

See 1 more Smart Citation

Assessment of Dongle-based Software Copy Protection Combined with Additional Protection Methods

Liutkevičius

Vrubliauskas

Kazanavičius

2011

ElAEE

View full text Add to dashboard Cite

Section: Additional Protection Methods For Dongle-based Protectionmentioning

confidence: 99%

Section: Additional Protection Methods For Dongle-based Protectionmentioning

confidence: 99%

Assessment of Dongle-based Software Copy Protection Combined with Additional Protection Methods

Liutkevičius

Vrubliauskas

Kazanavičius

2011

ElAEE

View full text Add to dashboard Cite

“…Dynamic unpacking approaches monitor the execution of a binary in order to extract its actual code. These methods execute the samples inside an isolated environment that can be deployed as a virtual machine or an emulator [3]. The execution is traced and stopped when certain events occur.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Artificial Intelligence and data mining algorithms have been applied as malicious detection methods and for the discovery of new malware patterns [15]. In the research effort of Babar and Khalid [3], boosted decision trees working on n-grams are found to produce better results than Naive Bayes classifiers and Support Vector Machines (SVM). Ye et al, [16] use automatic extraction of association rules on Windows API execution sequences to distinguish between malware and clean program files.…”

Section: Literature Reviewmentioning

confidence: 99%

Evolving Computational Intelligence System for Malware Detection

Demertzis

Iliadis

2014

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Recent malware developments have the ability to remain hidden during infection and operation. They prevent analysis and removal, using various techniques, namely: obscure filenames, modification of file attributes, or operation under the pretense of legitimate programs and services. Also, the malware might attempt to subvert modern detection software, by hiding running processes, network connections and strings with malicious URLs or registry keys. The malware can go a step further and obfuscate the entire file with a packer, which is special software that takes the original malware file and compresses it, thus making all the original code and data unreadable. This paper proposes a novel approach, which uses minimum computational power and resources, to indentify Packed Executable (PEX), so as to spot the existence of malware software. It is an Evolving Computational Intelligence System for Malware Detection (ECISMD) which performs classification by Evolving Spiking Neural Networks (eSNN), in order to properly label a packed executable. On the other hand, it uses an Evolving Classification Function (ECF) for the detection of malwares and applies Genetic Algorithms to achieve ECF Optimization.

show abstract

“…This isolated environment can be deployed as a virtual machine or an emulator [1]. Then, the execution is traced and stopped when certain events occur.…”

Section: Introductionmentioning

confidence: 99%

Collective classification for packed executable identification

Santos

Ugarte-Pedrero

Urquijo

et al. 2011

Proceedings of the 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference

View full text Add to dashboard Cite

Malware is any software designed to harm computers. Commercial anti-virus are based on signature scanning, which is a technique effective only when the malicious executables have been previously analysed and identified. Malware writers employ several techniques in order to hide their actual behaviour. Executable packing consists in encrypting or hiding the real payload of the executable. Generic unpacking techniques do not depend on the packer used, as they execute the binary within an isolated environment (namely 'sandbox') to gather the real code of the packed executable. However, this approach is slow and, therefore, a filter step is required to determine when an executable has been packed. To this end, supervised machine learning approaches trained with static features from the executables have been proposed. Notwithstanding, supervised learning methods need the identification and labelling of a high number of packed and not packed executables. In this paper, we propose a new method for packed executable detection that adopts a collective learning approach to reduce the labelling requirements of completely supervised approaches. We performed an empirical validation demonstrating that the system maintains a high accuracy rate while the labelling efforts are lower than when using supervised learning.

show abstract

Generic unpacking techniques

Cited by 12 publications

References 5 publications

Assessment of Dongle-based Software Copy Protection Combined with Additional Protection Methods

Assessment of Dongle-based Software Copy Protection Combined with Additional Protection Methods

Evolving Computational Intelligence System for Malware Detection

Collective classification for packed executable identification

Contact Info

Product

Resources

About