Corpus ID: 212493886

Packed Malware Detection using Entropy Related Analysis: A Survey

@inproceedings{OsaghaeE2015PackedMD,
  title={Packed Malware Detection using Entropy Related Analysis: A Survey},
  author={O. OsaghaeE.},
  year={2015}
}
The challenges security analysts face in revealing packed malware are enormous; however, malware researchers have tried to use entropy analysis to detect packed malware. The problem of revealing packed malware is the time taken to unpack the malware, and the analysis that helps to reveal packed malware is centred on entropy analysis. The need therefore arises to determine whether packed malware is revealed using entropy analysis and, if it is not, how the analysis techniques are related to…
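As an added illustration of the entropy analysis the abstract refers to (this is example code, not code from the paper): per-section Shannon entropy over a PE-like section map, flagging sections whose entropy exceeds an assumed 7.0 bits/byte heuristic threshold. The section names and byte contents are constructed samples.

```python
import hashlib
import math
from collections import Counter

# Assumed heuristic, not a value from the paper: compressed or encrypted data
# sits close to the 8.0 bits/byte maximum, plain code and text well below it.
PACKED_ENTROPY_THRESHOLD = 7.0
MIN_SECTION_SIZE = 256  # tiny sections give noisy entropy estimates; ignore them


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_sections(sections):
    """Map section name -> size, entropy and a 'suspicious' flag for high-entropy sections."""
    report = {}
    for name, blob in sections.items():
        h = shannon_entropy(blob)
        report[name] = {
            "size": len(blob),
            "entropy": round(h, 3),
            "suspicious": len(blob) >= MIN_SECTION_SIZE and h >= PACKED_ENTROPY_THRESHOLD,
        }
    return report


def likely_packed(sections):
    """File-level verdict: any sufficiently large high-entropy section marks the file as likely packed."""
    return any(entry["suspicious"] for entry in classify_sections(sections).values())


def pseudo_random_bytes(seed, length):
    """Deterministic stand-in for compressed/encrypted section content (constructed, offline)."""
    out, block = bytearray(), seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


# Constructed samples: repetitive code/text-like bytes vs. a compressed-looking blob.
UNPACKED_SAMPLE = {
    ".text": b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57" * 400,  # repeated prologue-like bytes
    ".rdata": b"This program cannot be run in DOS mode.\r\n" * 80,
}
PACKED_SAMPLE = {
    "UPX0": b"",  # an empty-on-disk section (ignored by the size guard)
    "UPX1": pseudo_random_bytes(b"constructed-sample", 4096),
    ".rsrc": b"\x00" * 512 + b"VS_VERSION_INFO" * 20,
}
```

High entropy is only a signal, not proof of packing: legitimate compressed resources, embedded certificates or media also score near 8.0, so the verdict should feed further static or dynamic analysis rather than stand alone.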

Static Analysis Method on Portable Executable Files for REMNUX based Malware Identification

REMnux can be an appropriate tool to check whether a file's characteristics indicate malware, based on anomalous data checks, file-integrity metadata, section entropy, and the functions that will be executed by that executable file.

Efficient SVM Based Packer Identification with Binary Diffing Measures

An SVM-based automated method is introduced, which uses kernel lifting with binary diffing measures for RBF kernels to produce kernels with better packer-identification performance than previous works, which used traditional kernels or no kernel lifting at all.

References

Generic Packing Detection using Several Complexity Analysis for Accurate Malware Detection

A packed file detection technique based on complexity measured by several algorithms, which achieves very high detection accuracy for packed executables with a low average processing time, can be effectively prepared to detect unknown, obfuscated malware, and cannot be evaded by known evasion techniques.

Malwise System for Packed and Polymorphic Malware

A novel system, named malwise, for malware classification using a fast application level emulator to reverse the code packing transformation, and two flowgraph matching algorithms to perform classification, which is able to detect malware with near real-time performance.

Encoded Executable File Detection Technique via Executable File Header Analysis

A packed file detection technique based on a PE Header Analysis is proposed and a Characteristic Vector that consists of eight elements is defined, and the Euclidean distance of the CV is calculated to represent the base threshold for the detection of packed files.

Measuring similarity of malware behavior

This work focuses on behavioral features of malware and compares and experimentally evaluates different distance measures for malware behavior and identifies a most appropriate distance measure for grouping malware samples based on similar behavior.

Static Analysis Based Behavioral API for Malware Detection using Markov Chain

A virus detection system based on extracting Application Program Interface calls from virus behaviours is proposed, which uses static analysis of a behaviour-based detection mechanism, without executing the software, to detect viruses in user mode by using a Markov Chain.

Instructions-Based Detection of Sophisticated Obfuscation and Packing

A novel approach to identifying obfuscated files based on anomalies in their instruction-based characteristics is introduced, which detects the presence of interleaved instructions that result from the opaque-predicate anti-disassembly trick, and presents distinguishing statistical properties based on the opcodes and control flow graphs of obfuscated files.

Improving the Detection of Malware Behaviour Using Simplified Data Dependent API Call Graph

Experimental results demonstrate a 98% detection rate and 0% false positive rate for the proposed malware detection system; the graph matching algorithm is based on the Longest Common Subsequence (LCS) algorithm, which is applied to the simplified graphs.

Windows API based Malware Detection and Framework Analysis

This paper elucidates an automated framework for analysing and classifying executables based on their relevant API calls, and explains all the software components used to make the framework fully automatic for extracting API calls.

Classification of packed executables for accurate computer virus detection

Malware Detection using Computational Biology Tools

Experimental results show that the proposed system is efficient and is a novel way of detecting malware code embedded in different types of computer files, using bioinformatics tools with consistency and accuracy in detecting the malware; it was able to complete the task at high speed without excessive memory usage.