Generic Packing Detection Using Several Complexity Analysis for Accurate Malware Detection

Abstract

Attackers do not want their malicious software (malware) to be revealed by anti-virus analyzers. To conceal their malware, malware programmers increasingly use anti-reverse-engineering and code-transformation techniques such as packing, encoding and encryption. Malware writers have learned that signature-based detectors can be easily evaded by “packing” the malicious payload in layers of compression or encryption. State-of-the-art malware detectors have adopted both static and dynamic techniques to recover the payload of packed malware, but unfortunately such techniques are highly ineffective. If the malware is packed or encrypted, it is very difficult to analyze. Therefore, to prevent the harmful effects of malware and to generate signatures for malware detection, packed and encrypted executable code must first be unpacked. The first step of unpacking is to detect the packed executable files. The objective is to efficiently and accurately distinguish between packed and non-packed executables, so that only executables detected as packed are sent to a generic unpacker, saving a significant amount of processing time. The generic method of this paper achieves very high detection accuracy on packed executables with a low average processing time. This paper presents a packed-file detection technique based on complexity as measured by several algorithms, tested on a dataset of packed and unpacked .exe files. The preliminary results are very promising, achieving high accuracy with adequate performance: about 96% detection rate on packed files and 93% detection rate on unpacked files. The experiments also demonstrate that this generic technique can be effectively applied to detect unknown, obfuscated malware and cannot be evaded by known evasion techniques.
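As an added illustration of the complexity-based approach the abstract describes (this is not code from the paper, whose specific complexity measures are not named here), the sketch below scores fixed-size windows of a file by Shannon entropy and zlib compression ratio and flags the file as packed when most windows are opaque to both; the window size, thresholds and the sample buffers are assumptions constructed for the demo.

```python
import hashlib
import math
import zlib
from collections import Counter

WINDOW = 1024  # bytes per window; window size and thresholds are assumptions, not the paper's

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compression_ratio(data: bytes) -> float:
    """Compressed size / raw size; compressed or encrypted payloads barely shrink."""
    return len(zlib.compress(data, 9)) / len(data) if data else 1.0

def window_scores(data: bytes, window: int = WINDOW):
    """(entropy, compression ratio) per window, so a clear unpacking stub cannot mask a packed body."""
    chunks = [data[i:i + window] for i in range(0, len(data), window)]
    return [(shannon_entropy(c), compression_ratio(c)) for c in chunks]

def looks_packed(data: bytes, entropy_threshold: float = 7.0,
                 ratio_threshold: float = 0.9, opaque_fraction: float = 0.5) -> bool:
    """Flag a buffer when at least half of its windows are near-random and incompressible."""
    scores = window_scores(data)
    if not scores:
        return False
    opaque = sum(1 for e, r in scores if e >= entropy_threshold and r >= ratio_threshold)
    return opaque / len(scores) >= opaque_fraction

def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for a packed/encrypted section (SHA-256 counter chain)."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])

# Constructed samples (not real executables): repetitive code-like text stands in for an
# unpacked file; a random-looking blob stands in for a packed body.
PLAIN_SAMPLE = b"push ebp; mov ebp, esp; sub esp, 0x40; call helper; leave; ret\n" * 80
PACKED_SAMPLE = pseudo_random_bytes(4096)
STUB_PLUS_PACKED = PLAIN_SAMPLE[:WINDOW] + PACKED_SAMPLE  # small clear stub, then packed body

if __name__ == "__main__":
    for name, buf in [("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE), ("stub+packed", STUB_PLUS_PACKED)]:
        print(f"{name:12s} entropy={shannon_entropy(buf):.2f} "
              f"ratio={compression_ratio(buf):.2f} packed={looks_packed(buf)}")
```

Real detectors combine such measures with PE-structure features (section names, import counts, entry point location), since high entropy alone also flags legitimately compressed resources.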

Authors and Affiliations

Dr. Mafaz Khalil Al-Anezi


DOI 10.14569/IJACSA.2014.050102

How To Cite

Dr. Mafaz Khalil Al-Anezi (2014). Generic Packing Detection Using Several Complexity Analysis for Accurate Malware Detection. International Journal of Advanced Computer Science & Applications, 5(1), 7-14. https://europub.co.uk/articles/-A-115783