Analysis of machine learning approaches to packing detection

Cited by: 8
Authors
Van Ouytsel, Charles-Henry Bertrand [1 ]
Dam, Khanh Huu The [1 ]
Legay, Axel [1 ]
Affiliation
[1] Catholic Univ Louvain, INGI, ICTEAM, Pl Sainte Barbe 2,LG05 02,01, B-1348 Louvain La Neuve, Belgium
Keywords
Malware; Machine learning; Packing; Features analysis; SHAP values; Experimental comparison; Adversarial attack; ANOMALY DETECTION; CLASSIFICATION;
DOI
10.1016/j.cose.2023.103536
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
Packing is a widely used obfuscation technique by which malware hides its content and behavior. Much research explores how to detect a packed program via approaches as varied as entropy analysis, syntactic signatures, and, more recently, machine learning classifiers using various features. Yet no robust results indicate which algorithms perform best or which features are most significant. Reviews of these results highlight how accuracy, cost, generalization capability, and other measures complicate evaluations. Our work addresses these deficiencies by assessing nine different machine-learning approaches using 119 features to identify which features are most significant for packing detection, which algorithms offer the best performance, and which algorithms are most economical.
Pages: 21