An Efficient Multi-Step Framework for Malware Packing Identification
Jong-Wouk Kim, Yang-Sae Moon, Mi-Jung Choi

TL;DR
This paper introduces a multi-step machine learning framework that effectively classifies and identifies packed malware samples, achieving high accuracy and robustness against anti-analysis techniques.
Contribution
It presents a novel multi-step approach combining feature selection, machine learning classification, and packer identification to improve malware packing detection.
Findings
XGBoost achieved 99.67% accuracy
Selected 20 important features for classification
Proposed packer identification method for well-known packed samples
Abstract
Malware developers use combinations of techniques such as compression, encryption, and obfuscation to bypass anti-virus software. Malware with anti-analysis technologies can bypass AI-based anti-virus software and malware analysis tools. Therefore, classifying packed files is one of the big challenges. Problems arise if the malware classifiers learn packers' features, not those of malware. Training the models with unintended erroneous data turns into poisoning attacks, adversarial attacks, and evasion attacks. Therefore, researchers should consider packing to build appropriate malware classifier models. In this paper, we propose a multi-step framework for classifying and identifying packed samples which consists of pseudo-optimal feature selection, machine learning-based classifiers, and packer identification steps. In the first step, we use the CART algorithm and the permutation…
Taxonomy
Topics: Advanced Malware Detection Techniques · Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications
