Science and Development Network (SciDev.Net)
Malware authors evade signature-based detection by packing the original malware with custom packers. In this paper, the authors present a static, heuristics-based approach to detecting packed executables. They present the PE heuristics considered for analysis and a taxonomy of those heuristics; a method for computing a score using a power distance based on the weights and risks assigned to the defined heuristics; and a classification of packed executables based on a threshold obtained from the training data set, together with the results achieved on the test data set. The experimental results show that their approach achieves a high detection rate of 99.82% with a low false positive rate of 2.22%.
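As an added illustration of the pipeline the abstract describes (extract PE heuristics, combine them into a weighted, risk-based power-distance score, classify against a threshold), the Python below is not the paper's code: the heuristic set, the weights and risks, the exponent p, the threshold and the score formula are all assumed stand-ins, and the PE sections are constructed inline rather than parsed from a real file.

```python
import math
from collections import Counter
from dataclasses import dataclass

@dataclass
class Section:
    """One PE section as this example models it (assumed inputs, not parsed from a real file)."""
    name: str
    data: bytes
    writable_exec: bool  # section flagged both writable and executable

STANDARD_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".rsrc", ".reloc", ".tls"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0..8); packed or encrypted payloads sit close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def extract_heuristics(sections, import_count):
    """Map each assumed heuristic to a 0/1 hit; the paper's own heuristic list is not on the page."""
    return {
        "high_entropy_section": int(any(entropy(s.data) > 7.0 for s in sections)),
        "nonstandard_section_name": int(any(s.name not in STANDARD_NAMES for s in sections)),
        "writable_executable_section": int(any(s.writable_exec for s in sections)),
        "few_imports": int(import_count < 5),
    }

# Assumed per-heuristic weight (confidence in the signal) and risk (how strongly a hit implies packing).
WEIGHTS = {"high_entropy_section": 1.0, "nonstandard_section_name": 0.6,
           "writable_executable_section": 0.8, "few_imports": 0.7}
RISKS = {"high_entropy_section": 0.9, "nonstandard_section_name": 0.5,
         "writable_executable_section": 0.8, "few_imports": 0.7}

def power_distance_score(hits, p=2.0):
    """Assumed scoring: (sum_i w_i * (r_i * h_i)^p)^(1/p), divided by the all-hits maximum so it lies in [0, 1]."""
    raw = sum(WEIGHTS[k] * (RISKS[k] * h) ** p for k, h in hits.items()) ** (1 / p)
    maximum = sum(WEIGHTS[k] * RISKS[k] ** p for k in hits) ** (1 / p)
    return raw / maximum

def classify(sections, import_count, threshold=0.7):
    """Return (score, is_packed); the fixed threshold stands in for one learned from a training set."""
    score = power_distance_score(extract_heuristics(sections, import_count))
    return score, score >= threshold

# Constructed samples: a normal-looking binary and a packed-looking one.
NORMAL = ([Section(".text", b"\x55\x8b\xec" * 200 + b"\x90" * 100, False),
           Section(".data", b"\x00" * 512, False)], 42)
PACKED = ([Section("UPX1", bytes(range(256)) * 16, True),  # uniform bytes: entropy exactly 8
           Section(".rsrc", b"\x00" * 64, False)], 3)

if __name__ == "__main__":
    for label, (secs, imports) in (("normal", NORMAL), ("packed", PACKED)):
        print(label, classify(secs, imports))
```

A single high-entropy section alone scores about 0.67 under these assumed weights and stays below the 0.7 threshold, which is the point of combining several heuristics rather than alerting on entropy by itself.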