Collective classification for packed executable identification

ACM International Conference Proceeding Series

Volumn , Issue , 2011, Pages 23-30

  Santos, Igor ^a   Ugarte Pedrero, Xabier ^a   Sanz, Borja ^a   Laorden, Carlos ^a   Bringas, Pablo G ^a  

^a UNIVERSITY OF DEUSTO   (Spain)

Author keywords

Executable packing; Machine learning; Malware

Indexed keywords

ACCURACY RATE; ANTI VIRUS; COLLECTIVE LEARNING; EMPIRICAL VALIDATION; EXECUTABLES; MACHINE-LEARNING; MALICIOUS EXECUTABLES; MALWARES; PACKED EXECUTABLES; REAL CODE; SIGNATURE SCANNING; STATIC FEATURES; SUPERVISED LEARNING METHODS; SUPERVISED MACHINE LEARNING;

INTERNET; SUPERVISED LEARNING; VIRUSES;

COMPUTER VIRUSES;

EID: 80053652695     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2030376.2030379     Document Type: Conference Paper

References (33)

1. K. Babar and F. Khalid. Generic unpacking techniques. In Proceedings of the 2nd International Conference on Computer, Control and Communication (IC4), pages 1-6. IEEE, 2009.
2. S. Cesare. Linux anti-debugging techniques, fooling the debugger, 1999. Available online: http://vx.netlux.org/lib/vsc04.html.
3. O. Chapelle, B. Scholkopf, and A. Zien. Semi-supervised learning. MIT Press, 2006.
4. A. Danielescu. Anti-debugging and anti-emulation techniques. CodeBreakers Journal, 5(1), 2008. Available online: http://www.codebreakers-journal.com/.
5. Data Rescue. Universal PE Unpacker plug-in. Available online: http://www.datarescue.com/idabase/unpack-pe.
6. M. Farooq. PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime. In Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (RAID), pages 121-141. Springer-Verlag, 2009.
7. Faster Universal Unpacker, 1999. Available online: http://code.google. com/p/fuu/.
8. S. Garner. Weka: The Waikato environment for knowledge analysis. In Proceedings of the New Zealand Computer Science Research Students Conference, pages 57-64, 1995.
9. G. Holmes, A. Donkin, and I. H. Witten. Weka: a machine learning workbench. pages 357-361, August 1994.
10. L. Julus. Anti-debugging in WIN32, 1999. Available online: http://vx.netlux.org/lib/vlj05.html.
11. M. Kang, P. Poosankam, and H. Yin. Renovo: A hidden code extractor for packed executables. In Proceedings of the 2007 ACM workshop on Recurring malcode, pages 46-53. ACM, 2007.
12. J. Kent. Information gain and a general measure of correlation. Biometrika, 70(1):163-173, 1983.
13. R. Lyda and J. Hamrock. Using entropy analysis to find encrypted and packed malware. IEEE Security & Privacy, 5(2):40-45, 2007.
14. L. Martignoni, M. Christodorescu, and S. Jha. Omniunpack: Fast, generic, and safe unpacking of malware. In Proceedings of the 2007 Annual Computer Security Applications Conference (ACSAC), pages 431-441, 2007.
15. McAfee Labs. Mcafee whitepaper: The good, the bad, and the unknown, 2011. Available online: http://www.mcafee.com/us/resources/white-papers/wp-good-bad- unknown.pdf.
16. M. Morgenstern and H. Pilz. Useful and useless statistics about viruses and anti-virus programs. In Proceedings of the CARO Workshop, 2010. Available online: www.f-secure.com/weblog/archives/Maik-Morgenstern-Statistics.pdf.
17. G. Namata, P. Sen, M. Bilgic, and L. Getoor. Collective classification for text classification. Text Mining, pages 51-69, 2009.
18. J. Neville and D. Jensen. Collective classification with relational dependency networks. In Proceedings of the Workshop on Multi-Relational Data Mining (MRDM), 2003.
19. PEiD. PEiD webpage, 2010. Available online: http://www.peid.info/.
20. R. Perdisci, A. Lanzi, and W. Lee. Classification of packed executables for accurate computer virus detection. Pattern Recognition Letters, 29(14):1941-1946, 2008.
21. R. Perdisci, A. Lanzi, and W. Lee. McBoost: Boosting scalability in malware collection and analysis using statistical classification of executables. In Proceedings of the 2008 Annual Computer Security Applications Conference (ACSAC), pages 301-310, 2008.
22. R. Rolles. Unpacking virtualization obfuscators. In Proceedings of 3rd USENIX Workshop on Offensive Technologies.(WOOT), 2009.
23. P. Royal, M. Halpin, D. Dagon, R. Edmonds, and W. Lee. Polyunpack: Automating the hidden-code extraction of unpack-executing malware. In Proceedings of the 2006 Annual Computer Security Applications Conference (ACSAC), pages 289-300, 2006.
24. I. Santos, F. Brezo, J. Nieves, Y. Penya, B. Sanz, C. Laorden, and P. Bringas. Idea: Opcode-sequence-based malware detection. In Engineering Secure Software and Systems, volume 5965 of LNCS, pages 35-43. 2010. 10.1007/978-3-642-11747-3 3.
25. M. Shafiq, S. Tabish, and M. Farooq. PE-Probe: Leveraging Packer Detection and Structural Information to Detect Malicious Portable Executables. In Proceedings of the Virus Bulletin Conference (VB), 2009.
26. th IEEE Symposium on Security and Privacy, pages 94-109, 2009.
27. M. Sharif, A. Lanzi, J. Giffin, and W. Lee. Rotalumé: A Tool for Automatic Reverse Engineering of Malware Emulators. 2009.
28. Y. Singh, A. Kaur, and R. Malhotra. Comparative analysis of regression and machine learning methods for predicting fault proneness models. International Journal of Computer Applications in Technology, 35(2):183-193, 2009.
29. th DEF CON Hacking Conference, 2006.
30. P. Ször. The art of computer virus research and defense. Addison-Wesley Professional, 2005.
31. th International Conference on Computational Intelligence in Security for Information Systems (CISIS), pages 50-57, 2011.
32. VX Heavens. Available online: http://vx.netlux.org/.
33. V. Yegneswaran, H. Saidi, P. Porras, M. Sharif, and W. Mark. Eureka: A framework for enabling static analysis on malware. Technical report, Technical Report SRI-CSL-08-01, 2008.