Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Packer Detection for Multi-Layer Executables Using Entropy Analysis
- Issue Date
- 3월-2017
- Publisher
- MDPI
- Keywords
- re-packing algorithms; original entry point (OEP); multi-layer packing; piecewise aggregate approximation (PAA); symbolic aggregate approximation (SAX); entropy analysis
- Citation
- ENTROPY, v.19, no.3
- Indexed
- SCIE
SCOPUS
- Journal Title
- ENTROPY
- Volume
- 19
- Number
- 3
- ISSN
- 1099-4300
- Abstract
- Packing algorithms are broadly used to avoid anti-malware systems, and the proportion of packed malware has been growing rapidly. However, just a few studies have been conducted on detection various types of packing algorithms in a systemic way. Following this understanding, we elaborate a method to classify packing algorithms of a given executable into three categories: single-layer packing, re-packing, or multi-layer packing. We convert entropy values of the executable file loaded into memory into symbolic representations, for which we used SAX (Symbolic Aggregate Approximation). Based on experiments of 2196 programs and 19 packing algorithms, we identify that precision (97.7%), accuracy (97.5%), and recall (96.8%) of our method are respectively high to confirm that entropy analysis is applicable in identifying packing algorithms.
- Files in This Item
- There are no files associated with this item.
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.