Generic Packing Detection Using Several Complexity Analysis for Accurate Malware Detection

Abstract

Attackers do not want their malicious software (malware) to be revealed by anti-virus analyzers. To conceal their malware, malware writers increasingly use anti-reverse-engineering and code-transformation techniques such as packing, encoding and encryption. Malware writers have learned that signature-based detectors can be easily evaded by “packing” the malicious payload in layers of compression or encryption. State-of-the-art malware detectors have adopted both static and dynamic techniques to recover the payload of packed malware, but unfortunately such techniques are highly ineffective. If the malware is packed or encrypted, it is very difficult to analyze. Therefore, to prevent the harmful effects of malware and to generate signatures for malware detection, packed and encrypted executable code must first be unpacked. The first step of unpacking is to detect packed executable files. The objective is to efficiently and accurately distinguish between packed and non-packed executables, so that only executables detected as packed are sent to a generic unpacker, saving a significant amount of processing time. The generic method of this paper achieves very high detection accuracy on packed executables with a low average processing time. This paper presents a packed-file detection technique based on complexity as measured by several algorithms, tested on a dataset of packed and unpacked files of type .exe. The preliminary results are very promising: the technique achieved high accuracy with adequate performance, about 96% detection rate on packed files and 93% detection rate on unpacked files. The experiments also demonstrate that this generic technique can effectively be prepared to detect unknown, obfuscated malware and cannot be evaded by known evasion techniques.
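The abstract describes classifying executables as packed or unpacked from complexity measures but does not name the measures it uses. The Python below is an added illustration, not the paper's code or its exact method: it applies the two complexity measures most commonly used for this purpose, Shannon entropy and a zlib compression ratio standing in for Kolmogorov complexity, to constructed byte buffers, and adds a windowed scan so a high-entropy packed section can be spotted even when the whole file averages lower. The thresholds, the sample buffers and the `pseudo_random_bytes` helper are assumptions made for the example.

```python
import hashlib
import math
import zlib
from collections import Counter

# Thresholds are assumptions for this illustration, not values from the paper.
ENTROPY_THRESHOLD = 7.0   # bits per byte; plain x86 code and data usually sit well below this
RATIO_THRESHOLD = 0.9     # compressed/raw size; packed or encrypted data barely compresses
WINDOW = 256              # bytes per fixed-size window for the localised scan


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """Kolmogorov-complexity proxy: zlib output size divided by input size.
    Values near or above 1.0 mean the bytes are already compressed or encrypted."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def high_entropy_windows(data: bytes, window: int = WINDOW,
                         threshold: float = ENTROPY_THRESHOLD) -> int:
    """Count fixed-size windows whose entropy exceeds the threshold. A packed
    payload usually forms one contiguous high-entropy region even when the
    file as a whole (headers, unpacking stub, resources) averages lower."""
    return sum(1 for off in range(0, len(data), window)
               if shannon_entropy(data[off:off + window]) > threshold)


def classify(data: bytes) -> dict:
    """Combine the measures into a packed/unpacked verdict and return the raw
    features alongside it, so an analyst can see why a file was flagged."""
    ent = shannon_entropy(data)
    ratio = compression_ratio(data)
    hot = high_entropy_windows(data)
    packed = ent > ENTROPY_THRESHOLD or ratio > RATIO_THRESHOLD
    return {"entropy": ent, "compression_ratio": ratio,
            "high_entropy_windows": hot,
            "verdict": "packed" if packed else "unpacked"}


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for an encrypted or compressed payload (SHA-256 chain).
    Assumed helper for the example; it only exists to make the sample reproducible."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed samples: a repetitive text-and-padding buffer standing in for a
# plain executable section, and a pseudo-random buffer standing in for a packed one.
UNPACKED_SAMPLE = b"mov eax, [ebp+8]; call printf; ret\x00" * 80 + b"\x00" * 2048
PACKED_SAMPLE = pseudo_random_bytes(4096)

if __name__ == "__main__":
    for name, buf in (("unpacked", UNPACKED_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, classify(buf))
```

On a real PE file the same functions would be run per section rather than over the whole image, since the unpacking stub and headers dilute the whole-file entropy; the windowed count is a cheap way to approximate that without parsing the section table. Compressibility catches the case the entropy threshold misses, a payload that is encoded with a low-entropy alphabet (base64-style) but still has no repetition for zlib to exploit.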

Authors and Affiliations

Dr. Mafaz Khalil Al-Anezi

  • EP ID EP115783
  • DOI 10.14569/IJACSA.2014.050102

How To Cite

Dr. Mafaz Khalil Al-Anezi (2014). Generic Packing Detection Using Several Complexity Analysis for Accurate Malware Detection. International Journal of Advanced Computer Science & Applications, 5(1), 7-14. https://europub.co.uk/articles/-A-115783