Executable packing is the most common technique used by computer virus writers to obfuscate malicious code and evade detection by anti-virus software. Universal unpackers have been proposed that can detect and extract encrypted code from packed executables, therefore potentially revealing hidden viruses that can then be detected by traditional signature-based anti-virus software. However, universal unpackers are computationally expensive and scanning large collections of executables looking for virus infections may take several hours or even days. In this paper we apply pattern recognition techniques for fast detection of packed executables. The objective is to efficiently and accurately distinguish between packed and non-packed executables, so that only executables detected as packed will be sent to an universal unpacker, thus saving a significant amount of processing time. We show that our system achieves very high detection accuracy of packed executables with a low average processing time.
|Titolo:||Classification of packed executables for accurate computer virus detection|
LANZI, ANDREA (Secondo)
|Parole Chiave:||computer security; pattern recognition; packed executables; computer virus detection|
|Settore Scientifico Disciplinare:||Settore INF/01 - Informatica|
|Data di pubblicazione:||2008|
|Digital Object Identifier (DOI):||10.1016/j.patrec.2008.06.016|
|Appare nelle tipologie:||01 - Articolo su periodico|