A Heuristics-Based Static Analysis Approach for Detecting Packed PE Binaries

Malware authors evade signature-based detection by packing the original malware with custom packers. In this paper, the authors present a static, heuristics-based approach to detecting packed executables. They present the PE heuristics considered for analysis and a taxonomy of those heuristics; a method for computing a score using a power distance based on the weights and risks assigned to the defined heuristics; and the classification of packed executables based on the threshold obtained from the training data set, together with the results achieved on the test data set. The experimental results show that their approach has a high detection rate of 99.82% with a low false positive rate of 2.22%.
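To make the scoring idea concrete, here is an added illustration that is not code from the paper: a small PE-style heuristic scorer in Python. The heuristics, their weights and risks, the threshold, and the use of a Minkowski p-norm (p = 2) as the "power distance" are all assumptions chosen for the example; the paper's own heuristic set, weights and threshold are not reproduced on this page. Sections and import counts are constructed in memory rather than parsed from a real PE file.

```python
import math
import random
from dataclasses import dataclass


@dataclass
class PESection:
    name: str
    data: bytes
    executable: bool
    writable: bool


@dataclass
class PESample:
    sections: list
    import_count: int


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy in bits (0.0 .. 8.0); packed/encrypted data is close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


# Section names a typical linker emits; anything else counts as "nonstandard" (assumption).
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata",
                     ".rsrc", ".reloc", ".bss", ".tls", ".pdata"}

# Heuristic name -> (weight, risk). Illustrative values, not the paper's.
HEURISTICS = {
    "high_entropy_section": (1.0, 0.9),
    "nonstandard_section_name": (0.6, 0.5),
    "writable_executable_section": (0.8, 0.7),
    "few_imports": (0.7, 0.8),
}


def evaluate_heuristics(sample: PESample) -> dict:
    """Return which heuristics fire for a sample (assumed thresholds: entropy > 7.0, imports < 5)."""
    return {
        "high_entropy_section": any(shannon_entropy(s.data) > 7.0 for s in sample.sections),
        "nonstandard_section_name": any(s.name.lower() not in STANDARD_SECTIONS for s in sample.sections),
        "writable_executable_section": any(s.writable and s.executable for s in sample.sections),
        "few_imports": sample.import_count < 5,
    }


def power_distance_score(fired: dict, p: float = 2.0) -> float:
    """Minkowski p-norm of weight*risk over fired heuristics, normalised to 0..1 by the
    norm of all heuristics firing, so the score is comparable across heuristic sets."""
    total = sum((w * r) ** p for name, (w, r) in HEURISTICS.items() if fired.get(name))
    max_total = sum((w * r) ** p for w, r in HEURISTICS.values())
    return (total ** (1 / p)) / (max_total ** (1 / p))


def classify(sample: PESample, threshold: float = 0.5) -> tuple:
    """Return (score, is_packed); the threshold would normally be learned from training data."""
    score = power_distance_score(evaluate_heuristics(sample))
    return score, score >= threshold


# Constructed sample data: a seeded PRNG stands in for a compressed/encrypted section.
_rng = random.Random(1)
HIGH_ENTROPY = bytes(_rng.getrandbits(8) for _ in range(4096))
LOW_ENTROPY = b"\x90" * 2048 + bytes(range(256)) * 4  # NOP sled plus a small table

PACKED_SAMPLE = PESample(
    sections=[PESection(".text", LOW_ENTROPY, executable=True, writable=False),
              PESection("UPX1", HIGH_ENTROPY, executable=True, writable=True)],
    import_count=2,
)
CLEAN_SAMPLE = PESample(
    sections=[PESection(".text", LOW_ENTROPY, executable=True, writable=False),
              PESection(".data", LOW_ENTROPY, executable=False, writable=True)],
    import_count=40,
)

if __name__ == "__main__":
    for label, s in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        score, packed = classify(s)
        print(f"{label}: score={score:.3f} packed={packed}")
```

Because the score is normalised, a single strong heuristic (high entropy alone) lands around 0.73 with these weights, while a sample firing nothing scores 0.0; tuning the weights, risks and threshold against a labelled corpus is what determines the detection and false positive rates, which is the part of the paper's method this toy cannot reproduce.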

Provided by: Science and Development Network (SciDev.Net) | Topic: Security | Date Added: Oct 2013 | Format: PDF