Packer Detection for Multi-Layer Executables Using Entropy Analysis
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Bat-Erdene, Munkhbayar | - |
dc.contributor.author | Kim, Taebeom | - |
dc.contributor.author | Park, Hyundo | - |
dc.contributor.author | Lee, Heejo | - |
dc.date.accessioned | 2021-09-03T08:54:21Z | - |
dc.date.available | 2021-09-03T08:54:21Z | - |
dc.date.created | 2021-06-16 | - |
dc.date.issued | 2017-03 | - |
dc.identifier.issn | 1099-4300 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/84257 | - |
dc.description.abstract | Packing algorithms are broadly used to avoid anti-malware systems, and the proportion of packed malware has been growing rapidly. However, just a few studies have been conducted on detecting various types of packing algorithms in a systemic way. Following this understanding, we elaborate a method to classify packing algorithms of a given executable into three categories: single-layer packing, re-packing, or multi-layer packing. We convert entropy values of the executable file loaded into memory into symbolic representations, for which we used SAX (Symbolic Aggregate Approximation). Based on experiments of 2196 programs and 19 packing algorithms, we identify that precision (97.7%), accuracy (97.5%), and recall (96.8%) of our method are respectively high to confirm that entropy analysis is applicable in identifying packing algorithms. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | MDPI | - |
dc.title | Packer Detection for Multi-Layer Executables Using Entropy Analysis | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Heejo | - |
dc.identifier.doi | 10.3390/e19030125 | - |
dc.identifier.scopusid | 2-s2.0-85024404913 | - |
dc.identifier.wosid | 000400578900039 | - |
dc.identifier.bibliographicCitation | ENTROPY, v.19, no.3 | - |
dc.relation.isPartOf | ENTROPY | - |
dc.citation.title | ENTROPY | - |
dc.citation.volume | 19 | - |
dc.citation.number | 3 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Physics | - |
dc.relation.journalWebOfScienceCategory | Physics, Multidisciplinary | - |
dc.subject.keywordAuthor | re-packing algorithms | - |
dc.subject.keywordAuthor | original entry point (OEP) | - |
dc.subject.keywordAuthor | multi-layer packing | - |
dc.subject.keywordAuthor | piecewise aggregate approximation (PAA) | - |
dc.subject.keywordAuthor | symbolic aggregate approximation (SAX) | - |
dc.subject.keywordAuthor | entropy analysis | - |