Analysis of machine learning approaches to packing detection

Cited by: 8
Authors
Van Ouytsel, Charles-Henry Bertrand [1 ]
Dam, Khanh Huu The [1 ]
Legay, Axel [1 ]
Affiliations
[1] Catholic Univ Louvain, INGI, ICTEAM, Pl Sainte Barbe 2, LG05 02, 01, B-1348 Louvain La Neuve, Belgium
Keywords
Malware; Machine learning; Packing; Features analysis; SHAP values; Experimental comparison; Adversarial attack; ANOMALY DETECTION; CLASSIFICATION;
DOI
10.1016/j.cose.2023.103536
CLC classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Packing is a widely used obfuscation technique by which malware hides its content and behavior. Much research explores how to detect a packed program via approaches as varied as entropy analysis, syntactic signatures, and, more recently, machine learning classifiers using various features. Yet no robust results indicate which algorithms perform best or which features are most significant. Reviews of these results highlight how accuracy, cost, generalization capability, and other measures complicate evaluations. Our work addresses these deficiencies by assessing nine different machine-learning approaches using 119 features to identify which features are most significant for packing detection, which algorithms offer the best performance, and which algorithms are most economical.
Pages: 21