Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Packer Detection for Multi-Layer Executables Using Entropy Analysis
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Bat-Erdene, Munkhbayar | - |
| dc.contributor.author | Kim, Taebeom | - |
| dc.contributor.author | Park, Hyundo | - |
| dc.contributor.author | Lee, Heejo | - |
| dc.date.accessioned | 2021-09-03T08:54:21Z | - |
| dc.date.available | 2021-09-03T08:54:21Z | - |
| dc.date.created | 2021-06-16 | - |
| dc.date.issued | 2017-03 | - |
| dc.identifier.issn | 1099-4300 | - |
| dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/84257 | - |
| dc.description.abstract | Packing algorithms are broadly used to avoid anti-malware systems, and the proportion of packed malware has been growing rapidly. However, just a few studies have been conducted on detection various types of packing algorithms in a systemic way. Following this understanding, we elaborate a method to classify packing algorithms of a given executable into three categories: single-layer packing, re-packing, or multi-layer packing. We convert entropy values of the executable file loaded into memory into symbolic representations, for which we used SAX (Symbolic Aggregate Approximation). Based on experiments of 2196 programs and 19 packing algorithms, we identify that precision (97.7%), accuracy (97.5%), and recall (96.8%) of our method are respectively high to confirm that entropy analysis is applicable in identifying packing algorithms. | - |
| dc.language | English | - |
| dc.language.iso | en | - |
| dc.publisher | MDPI | - |
| dc.title | Packer Detection for Multi-Layer Executables Using Entropy Analysis | - |
| dc.type | Article | - |
| dc.contributor.affiliatedAuthor | Lee, Heejo | - |
| dc.identifier.doi | 10.3390/e19030125 | - |
| dc.identifier.scopusid | 2-s2.0-85024404913 | - |
| dc.identifier.wosid | 000400578900039 | - |
| dc.identifier.bibliographicCitation | ENTROPY, v.19, no.3 | - |
| dc.relation.isPartOf | ENTROPY | - |
| dc.citation.title | ENTROPY | - |
| dc.citation.volume | 19 | - |
| dc.citation.number | 3 | - |
| dc.type.rims | ART | - |
| dc.type.docType | Article | - |
| dc.description.journalClass | 1 | - |
| dc.description.journalRegisteredClass | scie | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.relation.journalResearchArea | Physics | - |
| dc.relation.journalWebOfScienceCategory | Physics, Multidisciplinary | - |
| dc.subject.keywordAuthor | re-packing algorithms | - |
| dc.subject.keywordAuthor | original entry point (OEP) | - |
| dc.subject.keywordAuthor | multi-layer packing | - |
| dc.subject.keywordAuthor | piecewise aggregate approximation (PAA) | - |
| dc.subject.keywordAuthor | symbolic aggregate approximation (SAX) | - |
| dc.subject.keywordAuthor | entropy analysis | - |
- Files in This Item
- There are no files associated with this item.
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.