International Symposium on Computer Science and Its Applications 2008
DOI: 10.1109/csa.2008.28
Cited by 32 publications (25 citation statements). References 5 publications.
“…Choi [6] proposed the tool "PHAD", which detects packed files based on header analysis of PE files. The packed and encrypted execution code should be unpacked when the malware is packed and encrypted, and it is explained that the packed execution file should be detected prior to that stage.…”
Section: A Research For Detection Of Packing
confidence: 99%
“…The use of entropy scoring is prevalent due to its ability to detect areas of randomness in a file which are often attributable to encrypted or packed data [2][3]. Others rely on the structural differences such as section read/write/execute permissions, number of DLL imports, non-standard or flagged section names as well as various entropy-based scores [4][5][6][7][8][9] to achieve packed file classification. However, malware authors are becoming wise to the advances in detection techniques and are employing their own tactics to circumvent discovery.…”
Section: Introduction
confidence: 99%
“…One of these structures is the SSDT, a table where all the API memory addresses are located [6]. The SSDT is basically a vector of memory addresses, where each index corresponds to a system call.…”
Section: Driver
confidence: 99%
“…Since there are 391 system calls in the SSDT [6], we chose those that bring relevant information about the artifact execution [2] and can contribute to the definition of the malware behavior. These calls are related to file or registry operations, mutexes, processes and threads.…”
Section: Driver
confidence: 99%