A Heuristics-based Static Analysis Approach for Detecting Packed PE Binaries

Authors: Rohit Arora, Anishka Singh, Himanshu Pareek, Usha Rani Edara

DOI: 10.14257/IJSIA.2013.7.5.24

Keywords:

Abstract: Malware authors evade signature-based detection by packing the original malware with custom packers. In this paper we present a static, heuristics-based approach for detecting packed executables. We 1) analyse the PE header and derive a taxonomy of heuristics; 2) compute a score using a power distance over the weights and risks assigned to the defined heuristics; and 3) classify an executable as packed or not against a threshold obtained from a training data set, reporting the results achieved on a test set. The experimental results show that our approach has a high detection rate of 99.82% and a low false positive rate of 2.22%. We also bring out the difficulties in detecting DLL, CLR and Debug-mode executables via header analysis.
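The pipeline the abstract describes (PE header heuristics, a weighted power-distance score, a threshold decision) as an added, self-contained example; this is not the paper's code, and the heuristic set, the weights and risks, the exponent p and the threshold are all assumed here for illustration, where the paper trains its own. The two PE32 images are constructed in memory (a UPX-style layout and a plain build), so the example runs offline with no real binaries.

```python
"""Added example: heuristic scoring of PE headers to flag packed binaries.

Builds two constructed PE32 images in memory (one UPX-style, one plain),
parses the section table and import-directory size, fires a small taxonomy
of header heuristics and combines them with a power-distance score.
Weights, risks, the exponent p and the threshold are assumed values,
not the paper's trained ones.
"""
import hashlib
import math
import struct
from collections import Counter

# IMAGE_SCN_* section characteristic flags from the PE specification.
CNT_CODE, CNT_INIT_DATA, CNT_UNINIT_DATA = 0x20, 0x40, 0x80
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
STANDARD_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                  ".rsrc", ".reloc", ".tls", "CODE", "DATA"}

# heuristic -> (weight, risk); assumed numbers, chosen for illustration only
HEURISTICS = {
    "nonstandard_section_name": (1.0, 0.6),
    "entry_point_outside_code": (1.5, 0.9),
    "writable_executable_section": (1.2, 0.8),
    "zero_raw_size_section": (1.0, 0.7),
    "high_entropy_section": (2.0, 0.9),
    "tiny_import_directory": (1.0, 0.5),
}
POWER, THRESHOLD = 2, 0.5  # assumed exponent p and decision threshold


def align(n, a):
    return (n + a - 1) // a * a


def shannon_entropy(data):
    """Bits per byte: 8.0 is uniform; compressed or encrypted data sits above ~7."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())


def build_pe(sections, entry, import_dir_size):
    """Assemble a minimal PE32 image from (name, data, vsize, flags) tuples.
    Constructed test input only: no real code and no valid import table."""
    opt_size = 0xE0
    hdr_size = align(0x40 + 4 + 20 + opt_size + 40 * len(sections), 0x200)
    headers, body, raw_ptr, vaddr, entry_rva = bytearray(), bytearray(), hdr_size, 0x1000, 0
    for i, (name, data, vsize, flags) in enumerate(sections):
        raw_size = align(len(data), 0x200) if data else 0   # raw size 0 = nothing on disk
        if i == entry[0]:
            entry_rva = vaddr + entry[1]
        headers += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize,
                               vaddr, raw_size, raw_ptr if data else 0, 0, 0, 0, 0, flags)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr = align(vaddr + max(vsize, raw_size), 0x1000)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                     # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)     # ImageBase, alignments
    struct.pack_into("<II", opt, 56, vaddr, hdr_size)              # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, 0x2000 if import_dir_size else 0, import_dir_size)
    image = dos + b"PE\0\0" + coff + opt + headers
    return bytes(image.ljust(hdr_size, b"\0") + body)


def parse_pe(image):
    """Read only the header fields the heuristics need (PE32 and PE32+)."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", image, pe + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", image, opt)[0]
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    dirs = opt + (96 if magic == 0x10B else 112)   # data directories start (PE32 / PE32+)
    import_size = struct.unpack_from("<I", image, dirs + 8 + 4)[0]   # import dir = index 1
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        sections.append(dict(name=name.rstrip(b"\0").decode("latin-1"), vsize=vsize,
                             vaddr=vaddr, raw_size=raw_size, flags=flags,
                             entropy=shannon_entropy(image[raw_ptr:raw_ptr + raw_size])))
    return dict(entry_rva=entry_rva, import_size=import_size, sections=sections)


def fired_heuristics(info):
    """Evaluate the header taxonomy; returns the names of the heuristics that fire."""
    secs, ep, fired = info["sections"], info["entry_rva"], []
    if any(s["name"] not in STANDARD_NAMES for s in secs):
        fired.append("nonstandard_section_name")
    holder = [s for s in secs if s["vaddr"] <= ep < s["vaddr"] + max(s["vsize"], s["raw_size"])]
    if not any(s["flags"] & CNT_CODE for s in holder):   # entry point not in a code section
        fired.append("entry_point_outside_code")
    if any(s["flags"] & MEM_WRITE and s["flags"] & MEM_EXECUTE for s in secs):
        fired.append("writable_executable_section")
    if any(s["raw_size"] == 0 and s["vsize"] > 0 for s in secs):   # room to unpack into
        fired.append("zero_raw_size_section")
    if any(s["entropy"] > 7.0 for s in secs):
        fired.append("high_entropy_section")
    if info["import_size"] < 40:   # fewer than two IMAGE_IMPORT_DESCRIPTORs incl. terminator
        fired.append("tiny_import_directory")
    return fired


def power_distance_score(fired, p=POWER):
    """Minkowski (power) distance of the fired weight*risk vector from the origin,
    normalised by the distance when every heuristic fires, so the score is in [0, 1]."""
    total = sum((w * r) ** p for w, r in HEURISTICS.values()) ** (1 / p)
    hit = sum((HEURISTICS[h][0] * HEURISTICS[h][1]) ** p for h in fired) ** (1 / p)
    return hit / total


def classify(image):
    fired = fired_heuristics(parse_pe(image))
    score = power_distance_score(fired)
    return score, fired, "packed" if score >= THRESHOLD else "not packed"


# Constructed samples. UPX-style: empty UPX0 to unpack into, UPX1 holding the packed
# payload (deterministic pseudo-random bytes stand in for compressed data), entry in UPX1.
_blob = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(32))
PACKED = build_pe([("UPX0", b"", 0x8000, CNT_UNINIT_DATA | MEM_EXECUTE | MEM_READ | MEM_WRITE),
                   ("UPX1", _blob, len(_blob), CNT_INIT_DATA | MEM_EXECUTE | MEM_READ | MEM_WRITE),
                   (".rsrc", b"\0" * 64, 64, CNT_INIT_DATA | MEM_READ)],
                  entry=(1, 0x10), import_dir_size=20)
# Plain build: low-entropy code pattern in .text, entry in .text, ordinary import table.
PLAIN = build_pe([(".text", b"\x55\x8b\xec\x90\xc3" * 200, 1000, CNT_CODE | MEM_EXECUTE | MEM_READ),
                  (".data", b"\x00\x01" * 128, 256, CNT_INIT_DATA | MEM_READ | MEM_WRITE),
                  (".rsrc", b"\0" * 64, 64, CNT_INIT_DATA | MEM_READ)],
                 entry=(0, 0x10), import_dir_size=200)

if __name__ == "__main__":
    for label, img in (("upx-style", PACKED), ("plain", PLAIN)):
        score, fired, verdict = classify(img)
        print(f"{label}: score={score:.2f} verdict={verdict} fired={fired}")
```

The UPX-style image fires every heuristic and scores 1.0; the plain build fires none and scores 0.0. The normalisation makes the threshold a fraction of the worst case, so adding or reweighting heuristics does not silently move the decision boundary; what the abstract's 2.22% false-positive figure warns about is exactly the cases this toy taxonomy cannot separate, such as CLR or debug builds whose headers legitimately look unusual.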
