Source information
Abstract (English)
Malware authors evade signature-based detection by packing the original malware with custom packers. In this paper, we present a static, heuristics-based approach for detecting packed executables. We present 1) the PE heuristics considered for analysis and a taxonomy of those heuristics; 2) a method for computing a score using a power distance based on the weights and risks assigned to the defined heuristics; and 3) classification of packed executables based on the threshold obtained from the training data set, together with the results achieved on the test data set. The experimental results show that our approach has a high detection rate of 99.82% with a low false positive rate of 2.22%. We also bring out the difficulties in detecting packed DLL, CLR and Debug-mode executables via header analysis.
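The abstract describes a three-part pipeline (PE header heuristics, a weighted power-distance score, and a threshold learned from labelled training samples). The following Python is an added illustration of that shape of pipeline and is not the paper's code: the heuristic names, their weights and risks, the choice of a Minkowski (power) distance with p = 2, the Youden-style threshold selection and the training samples are all assumptions constructed here, not values taken from the paper.

```python
"""Illustrative packed-executable scoring: weighted power distance over PE
header heuristics, with a decision threshold picked from a labelled training
set.  The heuristic set, weights, risks and distance form are assumptions for
this example, not the paper's own values."""
from typing import Dict, List, Tuple

# Assumed heuristics: name -> (weight, risk).  weight = confidence in the
# indicator, risk = how strongly it suggests packing.  Both lie in [0, 1].
HEURISTICS: Dict[str, Tuple[float, float]] = {
    "non_standard_section_name":          (0.6, 0.7),
    "entry_point_outside_code":           (0.9, 0.9),
    "high_section_entropy":               (0.8, 0.9),
    "few_imports":                        (0.7, 0.6),
    "writable_executable_section":        (0.7, 0.8),
    "raw_size_much_smaller_than_virtual": (0.8, 0.8),
}

Flags = Dict[str, bool]


def power_distance(flags: Flags, p: float = 2.0) -> float:
    """Minkowski (power) distance of the triggered-heuristic vector from the
    all-clear origin, each axis scaled by weight * risk, normalised by the
    largest attainable distance so the score lies in [0, 1]."""
    num = den = 0.0
    for name, (weight, risk) in HEURISTICS.items():
        axis = (weight * risk) ** p
        den += axis
        if flags.get(name, False):
            num += axis
    return (num ** (1.0 / p)) / (den ** (1.0 / p)) if den else 0.0


def choose_threshold(training: List[Tuple[Flags, bool]], p: float = 2.0) -> float:
    """Pick the threshold maximising TPR - FPR (Youden's J) on the training
    set; candidates are midpoints between neighbouring sample scores."""
    scored = sorted((power_distance(f, p), packed) for f, packed in training)
    scores = [s for s, _ in scored]
    candidates = [0.0] + [(a + b) / 2 for a, b in zip(scores, scores[1:])] + [1.0]
    npos = sum(1 for _, packed in scored if packed)
    nneg = len(scored) - npos
    if not npos or not nneg:
        raise ValueError("training set needs both packed and clean samples")
    best_t, best_j = 1.0, -1.0
    for t in candidates:
        tp = sum(1 for s, packed in scored if packed and s >= t)
        fp = sum(1 for s, packed in scored if not packed and s >= t)
        j = tp / npos - fp / nneg
        if j > best_j:            # keep the lowest threshold with the best J
            best_j, best_t = j, t
    return best_t


def classify(flags: Flags, threshold: float, p: float = 2.0) -> str:
    """Label a sample by comparing its score with the learned threshold."""
    return "packed" if power_distance(flags, p) >= threshold else "not packed"


# Constructed training samples: which heuristics fired, and the ground truth.
TRAINING: List[Tuple[Flags, bool]] = [
    ({"entry_point_outside_code": True, "high_section_entropy": True,
      "few_imports": True, "raw_size_much_smaller_than_virtual": True}, True),
    ({"non_standard_section_name": True, "high_section_entropy": True,
      "writable_executable_section": True, "few_imports": True}, True),
    ({"entry_point_outside_code": True, "high_section_entropy": True,
      "few_imports": True}, True),
    ({}, False),                                   # plain compiler output
    ({"non_standard_section_name": True}, False),  # renamed section only
    ({"few_imports": True}, False),                # tiny utility
    ({"writable_executable_section": True}, False),
]


def learned_threshold() -> float:
    return choose_threshold(TRAINING)


if __name__ == "__main__":
    t = learned_threshold()
    print(f"threshold = {t:.3f}")
    for sample in ({"high_section_entropy": True, "entry_point_outside_code": True},
                   {"non_standard_section_name": True, "few_imports": True}):
        print(sample, "->", classify(sample, t))
```

The normalisation divides by the distance of the all-heuristics-fired vector, so the score is comparable across heuristic sets of different sizes; the threshold search is the step the abstract attributes to the training data set, and the test data set would then be scored with the threshold fixed.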
Table of Contents
1. Introduction
2. Related Work
3. Our Approach
3.1. PE Heuristics
3.2. Score Computation
3.3. Classify Executable
4. Results
4.1. Training Data Set and Test Environment
4.2. Fallouts Obtained with the Training Data Set
4.3. Results with the Test Data Set
4.4. Analysis of Common Packers
4.5. Observations
4.6. Performance Analysis
5. Conclusion and Future Work
References
