Effective, efficient, and robust packing detection and classification. Issue 85 (August 2019)
- Record Type:
- Journal Article
- Title:
- Effective, efficient, and robust packing detection and classification. Issue 85 (August 2019)
- Main Title:
- Effective, efficient, and robust packing detection and classification
- Authors:
- Biondi, Fabrizio
Enescu, Michael A.
Given-Wilson, Thomas
Legay, Axel
Noureddine, Lamine
Verma, Vivek
- Abstract:
- Packing is a widespread tool to prevent static malware detection and analysis. Detecting and classifying the packer used by a given malware sample is fundamental to being able to unpack and study the malware, whether manually or automatically. Existing literature on packing detection and classification has focused on effectiveness, but does not consider the efficiency required to be part of a practical malware-analysis workflow. This paper studies how to train packing detection and classification algorithms based on machine learning to be both highly effective and efficient. Initially, we create ground truths by labeling more than 280,000 samples with three different techniques. Then we perform feature selection considering the contribution and computation cost of features. We iterate over more than 1500 combinations of features, scenarios, and algorithms to determine which algorithms are the most effective and efficient, finding that a reduction of 1–2% effectiveness can increase efficiency by 17–44 times. Then, we test how the best algorithms perform against malware collected after the training data to assess them against new packing techniques and versions, finding a large impact of the ground truth used on algorithm robustness. Finally, we perform an economic analysis and find simple algorithms with small feature sets to be more economical than complex algorithms with large feature sets based on uptime/training time ratio.
- Is Part Of:
- Computers & security. Issue 85(2019)
- Journal:
- Computers & security
- Issue:
- Issue 85(2019)
- Issue Display:
- Volume 85, Issue 85 (2019)
- Year:
- 2019
- Volume:
- 85
- Issue:
- 85
- Issue Sort Value:
- 2019-0085-0085-0000
- Page Start:
- 436
- Page End:
- 451
- Publication Date:
- 2019-08
- Subjects:
- Packer detection -- Packer classification -- Entropy -- Machine learning -- Feature selection -- Portable executable file -- Obfuscation -- Malware
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2019.05.007
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 10986.xml