期刊
APPLIED INTELLIGENCE
卷 51, 期 12, 页码 9038-9053出版社
SPRINGER
DOI: 10.1007/s10489-021-02347-w
关键词
Packer identification; Function call graph; Feature extraction; Machine learning; Static analysis
资金
- National Natural Science Foundation of China [62062022]
- Science and Technology Foundation of Guizhou Province [[2017]1051]
- Program for Science&Technology Innovation Talents in Universities of Henan Province [18HASTIT022]
- Key Technologies R & D Program of Henan Province [212102210084]
This article proposes a 2-stage packer identification method based on function call graph (FCG) and file attributes, achieving high accuracy in malware detection. Analysis of FCG and file attributes differences and experimental results show the effectiveness of the 2-SPIFF method.
Most malware employs packing technology to escape detection; thus, packer identification has become increasingly important in malware detection. To improve the accuracy of packer identification, this article analyses the differences in the function call graph (FCG) and file attributes between the non-packed executable files and the executable files packed by different packers, and further proposes a 2-stage packer i dentification method based on FCG and file attributes (2-SPIFF). In 2-SPIFF, the detection model of stage I distinguishes non-packed executable files from packed executable files based on the graph features extracted from the FCG, while the identification model of stage II identifies the packer used for packing the original executable file by using the concatenated features extracted from the FCG and file attributes. The experimental results show that 2-SPIFF can achieve an accuracy of 99.80% for packer detection and an accuracy of 98.49% for packer identification.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据