File Packing from the Malware Perspective: Techniques, Analysis Approaches, and Directions for Enhancements

Author:

Muralidharan Trivikram (1), Cohen Aviad (2), Gerson Noa (2), Nissim Nir (1)

Affiliation:

1. Malware Lab, Cyber Security Research Center, Ben-Gurion University of the Negev, Beer-Sheva, Israel and Department of Industrial Engineering and Management, Ben-Gurion University of the Negev, Beer-Sheva, Israel

2. Malware Lab, Cyber Security Research Center, Ben-Gurion University of the Negev, Beer-Sheva, Israel

Abstract

With the growing sophistication of malware, devising improved malware detection schemes is crucial. The packing of executable files, one of the most common techniques for code protection, has been repurposed by malware authors as a code obfuscation technique for evading malware detectors (mainly static analysis-based detectors). This paper provides statistics on the use of packers based on an extensive analysis of 24,000 PE files (both malicious and benign) from the past 10 years, which allowed us to observe trends in packing use during that time and showed that packing is still widely used in malware. The paper then surveys 23 methods proposed in academic research for the detection and classification of packed portable executable (PE) files and highlights various trends in malware packing. It describes the differences between the methods and their abilities to detect and identify various aspects of packing. A taxonomy is presented, classifying the methods as static, dynamic, and hybrid analysis-based methods. The paper also sheds light on the increasing role of machine learning methods in the development of modern packing detection methods. We analyzed and mapped the different packing methods and identified which of them can be countered by the detection methods surveyed in this paper.

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science, Theoretical Computer Science


Cited by 10 articles.
