2-SPIFF: a 2-stage packer identification method based on function call graph and file attributes

被引：0

作者：

Hao Liu

Chun Guo

Yunhe Cui

Guowei Shen

Yuan Ping

机构：

[1] Guizhou University,Guizhou Provincial Key Laboratory of Public Big Data, College of Computer Science and Technology

[2] Xuchang University,School of Information Engineering

来源：

Applied Intelligence | 2021年 / 51卷

关键词：

Packer identification; Function call graph; Feature extraction; Machine learning; Static analysis;

D O I：

暂无

中图分类号：

学科分类号：

摘要：

Most malware employs packing technology to escape detection; thus, packer identification has become increasingly important in malware detection. To improve the accuracy of packer identification, this article analyses the differences in the function call graph (FCG) and file attributes between the non-packed executable files and the executable files packed by different packers, and further proposes a 2-stage packer i dentification method based on FCG and file attributes (2-SPIFF). In 2-SPIFF, the detection model of stage I distinguishes non-packed executable files from packed executable files based on the graph features extracted from the FCG, while the identification model of stage II identifies the packer used for packing the original executable file by using the concatenated features extracted from the FCG and file attributes. The experimental results show that 2-SPIFF can achieve an accuracy of 99.80% for packer detection and an accuracy of 98.49% for packer identification.

引用

页码：9038 / 9053

页数：15

共 70 条

[1]

Afianian A(2019)Malware dynamic analysis evasion techniques: a survey ACM Comput Surv 52 126-8988

[2]

Niksefat S(2019)Analyzing and detecting emerging internet of things malware: a graph-based approach IEEE Internet Things J 6 8977-2658

[3]

Sadeghiyan B(2019)Ramd: registry-based anomaly malware detection using one-class ensemble classifiers Appl Intell 49 2641-248

[4]

Baptiste D(2017)Entropy analysis to classify unknown packing algorithms for malware detection Int J Inf Secur 16 227-451

[5]

Alasmary H(2019)Effective, efficient, and robust packing detection and classification Comput Secur 85 436-711

[6]

Khormali A(2018)Code obfuscation against abstraction refinement attacks Formal Aspects Comput 30 685-2761

[7]

Anwar A(2019)A new hybrid approach for intrusion detection using machine learning methods Appl Intell 49 2735-86

[8]

Park J(2018)A malware detection method based on family behavior graph Comput Secur 73 73-1546

[9]

Choi J(2018)An entropy-based distance measure for analyzing and detecting metamorphic malware Appl Intell 48 1536-111

[10]

Abusnaina A(2020)The rise of machine learning for detection and classification of malware: research developments, trends and challenges J Netw Comput Appl 153 102526-51629

← 1 2 3 4 5 6 7 →