Experimental Toolkit for Manipulating Executable Packing
Alexandre D'Hondt, Charles-Henry Bertrand Van Ouytsel, Axel Legay

TL;DR
This paper introduces Packing Box, an open-source experimental toolkit that automates and standardizes the evaluation of executable packing detection methods, addressing current limitations in datasets, reproducibility, and benchmarking.
Contribution
It presents a unified, open-source platform for benchmarking and analyzing static packing detection techniques, including ground truth generation and machine learning pipeline automation.
Findings
Provides a comprehensive benchmarking framework for packing detection methods.
Demonstrates the toolkit's effectiveness through experiments and performance analysis.
Facilitates unbiased ground truth creation and data visualization for research.
Abstract
Be it for a malicious or legitimate purpose, packing, a transformation that consists of applying various operations like compression or encryption to a binary file, i.e. for making reverse engineering harder or obfuscating code, has been widely employed for decades already. Particularly in the field of malware analysis, where a stumbling block is evasion, it has proven effective and still gives a hard time to scientists who want to efficiently detect it. While already extensively covered in the scientific literature, it remains an open issue, especially when considering its detection time and accuracy trade-off. Many approaches, including machine learning, have been proposed, but most studies often restrict their scope (i.e. malware and PE files), rely on uncertain datasets (i.e. built based on a super-detector or using labels from a questionable source) and do not provide any open…
Taxonomy
Topics: Advanced Malware Detection Techniques · Physical Unclonable Functions (PUFs) and Hardware Security · User Authentication and Security Systems
