Packer identification method based on byte sequences

Jung, Byeong Ho; Bae, Seong Il; Choi, Chang; Im, Eul Gyu

doi:10.1002/cpe.5082

Cited by 13 publications

(8 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The smoothing technique used in this work is moving-mean. 39 In the moving mean technique, the data is being replaced by the average value of the neighboring data values, as expressed in Equation (2).…”

Section: Feature Description and Extractionmentioning

confidence: 99%

Minimized feature overhead malware detection machine learning model employing MRMR‐based ranking

Singh

Borgohain

Sharma

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

Summary To deal with the huge amount of data, minimizing the overhead will play a key role in speedy and efficient malware detection. We propose a machine learning (ML) malware detection model with preprocessing to limit the feature overhead. The portable‐executable (PE) header information that retains meaningful and distinctive information has been considered to classify benign and malware files. The dataset is preprocessed by applying transformation, outlier detection and filling, and smoothing techniques. A maximum relevance minimum redundancy‐based feature selection method is deployed to assign the rank and score to each feature retaining the maximum relevant and minimal redundant information. Based on the obtained rank, many subsets of features have been created and investigated against support vector machine (SVM) and k‐nearest neighbors (k‐NN) with parametric tuning. The proposed ML model integrated with data preprocessing, feature selection, and SVM‐polynomial classifier has superior performance. This model is eliminating 63.8% feature overhead with accuracy above 99.1% for the benchmark datasets. To examine the robustness of the proposed model, new balanced and imbalanced datasets are created using new malware. The test results are encouraging with accuracy and specificity above 96.68%, 97.65%, and 91.57%, respectively. Interestingly, the proposed model is not trained using the newly created dataset.

show abstract

Section: Feature Description and Extractionmentioning

confidence: 99%

Minimized feature overhead malware detection machine learning model employing MRMR‐based ranking

Singh

Borgohain

Sharma

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…A drastic change in the entropy of machine code created by standard compilers indicates that the file has been packed. Many types of packers such as UPX 2 , FSG, Yoda's 3 , ExeStealth 4 , PETite 5 , ASPack 6 , UPack, and VMProtect 7 can be detected by looking for a unique sequence of byte codes [8], though the unpacking patterns and decryption keys are not detectable using this method. The complexity and ambiguity of malware activities prompts analysts towards dynamically monitoring and analyzing malware's behavior in order to discover the true nature of obfuscated files.…”

Section: Mmentioning

confidence: 99%

“…The latter method has increased challenges as it needs to reverse the malware binary. There are also some obstacles regarding reversing obfuscated and packed malware, including packer identification and decrypting ciphered sections [8], normalizing metamorphic codes [13], and executing time-limited malware -malware that only runs on a specific point or period of time. However, its efficiency was proven compared to other methods, and the amount of data required for creating the corresponding images is smaller than the former method.…”

Section: ) Deep Neural Networkmentioning

confidence: 99%

A Novel Method for Detecting Future Generations of Targeted and Metamorphic Malware Based on Genetic Algorithm

Javaheri

Lalbakhsh²,

Hosseinzadeh

2021

IEEE Access

View full text Add to dashboard Cite

This paper presents a novel solution for detecting rare and mutating malware programs and provides a strategy to address the scarcity of datasets for modeling these types of malware. To provide sufficient training data for malware behavioral modeling, genetic algorithms are used together with an optimization strategy that selectively creates generations of mutated elite malware samples. In our unique method, a sequence of system API calls is extracted using tracker filter drivers in a sandbox environment. The most obfuscated and metamorphic malware are chosen by an elite selection method. The behavioral chromosomes are formed by mapping extracted APIs to genes using linear regression. Our analysis system includes an Internet simulator and a human emulator to deceive intelligent classes of malware to successfully execute themselves and prevent system halting. The evolution process is performed through crossover and permutation of genes, which are encoded based on the addresses of the kernel-level system functions. An objective function has been defined to optimize the vital indicators of malignancy and tracking rate with a linear time complexity. This guarantees that new generations of malware are more destructive and stealthy than their parents. J48 and deep neural networks were employed in our experiments as they are two popular modeling and classification strategies in the area of behavioral malware detection. Real-world malware samples from valid references were used for the performance evaluation of our approach. Comprehensive scenarios were involved in the experiments to evaluate the performance of our proposed strategy. The results demonstrate significant improvement in detection accuracy -up to 5% considering rare and metamorphic malware. The results also demonstrated a considerable enhancement in true positive rate for the proposed deep-learning algorithm.

show abstract

“…Choi, and E.G. Im proposes a new packer identification method that uses two types of statistical features. These features are generated using encrypted data and feature from byte frequency distributions.…”

Section: The Main Topics Of Coginnov 2018 Special Issuementioning

confidence: 99%

Cognitive and innovative computation paradigms for big data and cloud computing applications

Ogiela

2019

Concurrency and Computation

View full text Add to dashboard Cite

Packer identification method based on byte sequences

Cited by 13 publications

References 26 publications

Minimized feature overhead malware detection machine learning model employing MRMR‐based ranking

Minimized feature overhead malware detection machine learning model employing MRMR‐based ranking

A Novel Method for Detecting Future Generations of Targeted and Metamorphic Malware Based on Genetic Algorithm

Cognitive and innovative computation paradigms for big data and cloud computing applications

Contact Info

Product

Resources

About