Open Access Article
Entropy 2017, 19(3), 125; doi:10.3390/e19030125

Packer Detection for Multi-Layer Executables Using Entropy Analysis

Department of Computer Science and Engineering, Korea University, 02841 Seoul, Korea
* Author to whom correspondence should be addressed.
Received: 31 January 2017 / Revised: 9 March 2017 / Accepted: 13 March 2017 / Published: 16 March 2017
(This article belongs to the Special Issue Symbolic Entropy Analysis and Its Applications)

Abstract

Packing algorithms are widely used to evade anti-malware systems, and the proportion of packed malware has been growing rapidly. However, only a few studies have examined the detection of the various types of packing algorithms in a systematic way. With this in mind, we develop a method that classifies the packing applied to a given executable into one of three categories: single-layer packing, re-packing, or multi-layer packing. We compute entropy values over the executable as it is loaded into memory and convert them into a symbolic representation using SAX (Symbolic Aggregate Approximation). In experiments on 2196 programs and 19 packing algorithms, our method achieves a precision of 97.7%, an accuracy of 97.5%, and a recall of 96.8%, confirming that entropy analysis is applicable to identifying packing algorithms.
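The abstract describes a three-stage pipeline: an entropy series over the loaded executable, PAA reduction, then SAX symbols. The example below is added here to make that transformation concrete; it is not the authors' code and does not reproduce their single/re-/multi-layer classification rules, which the abstract does not state. It assumes a static byte image in place of the in-memory snapshot the paper uses (how and when the snapshot is taken is outside this example), and the window size, segment count, alphabet size and sample image are illustrative choices, not values from the paper. The breakpoints are the standard equiprobable Gaussian cut points from the SAX literature.

```python
"""Entropy -> PAA -> SAX pipeline over an executable image (added example, not the paper's code)."""
import bisect
import math
import random
from collections import Counter

# Equiprobable breakpoints of the standard normal distribution used by SAX
# (alphabet sizes 2..6). Values below the first breakpoint map to 'a', and so on.
BREAKPOINTS = {
    2: [0.0],
    3: [-0.43, 0.43],
    4: [-0.67, 0.0, 0.67],
    5: [-0.84, -0.25, 0.25, 0.84],
    6: [-0.97, -0.43, 0.0, 0.43, 0.97],
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_series(image: bytes, window: int = 256, step: int = 256) -> list[float]:
    """Entropy of each fixed-size window across the image, in address order."""
    return [shannon_entropy(image[i:i + window])
            for i in range(0, len(image) - window + 1, step)]


def paa(series: list[float], segments: int) -> list[float]:
    """Piecewise Aggregate Approximation: the mean of each of `segments` equal chunks."""
    n = len(series)
    if segments > n:
        raise ValueError("more segments than samples")
    out = []
    for k in range(segments):
        lo, hi = k * n // segments, (k + 1) * n // segments
        out.append(sum(series[lo:hi]) / (hi - lo))
    return out


def sax(series: list[float], segments: int, alphabet: int) -> str:
    """Z-normalise the series, reduce it with PAA, then map each mean to a letter."""
    mean = sum(series) / len(series)
    std = math.sqrt(sum((x - mean) ** 2 for x in series) / len(series))
    # A flat series (zero variance) has no shape to encode; map it to the middle symbol.
    z = [0.0] * len(series) if std < 1e-9 else [(x - mean) / std for x in series]
    bps = BREAKPOINTS[alphabet]
    letters = "abcdefghijklmnop"[:alphabet]
    return "".join(letters[bisect.bisect_left(bps, v)] for v in paa(z, segments))


def build_sample_image() -> bytes:
    """Constructed stand-in for a memory image (synthetic, not a real executable).

    4 KiB of a repeating prologue-like byte pattern (low entropy, 'code'),
    4 KiB of seeded pseudo-random bytes (high entropy, 'packed payload'),
    4 KiB of zero fill (zero entropy, 'padding').
    """
    rng = random.Random(2017)  # fixed seed so the sample is reproducible
    code = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x90, 0xC3]) * 512
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    padding = bytes(4096)
    return code + packed + padding


def sax_profile(image: bytes, segments: int = 12, alphabet: int = 3) -> str:
    """SAX word for an image: one letter per PAA segment of its entropy series."""
    return sax(entropy_series(image), segments, alphabet)


if __name__ == "__main__":
    img = build_sample_image()
    series = entropy_series(img)
    print("code windows:", [round(e, 2) for e in series[:3]])
    print("packed windows:", [round(e, 2) for e in series[16:19]])
    print("padding windows:", [round(e, 2) for e in series[-3:]])
    print("SAX word:", sax_profile(img))  # → bbbbccccaaaa
```

The word `bbbbccccaaaa` keeps the positional structure that a single file-wide entropy number throws away: a mid-entropy code region, a high-entropy packed region, then zero padding. Comparing such words across snapshots taken as the program unpacks itself is the kind of input the paper's layer classification works from; the thresholds and matching rules it uses are not given in the abstract and are not reproduced here.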
Keywords: re-packing algorithms; original entry point (OEP); multi-layer packing; piecewise aggregate approximation (PAA); symbolic aggregate approximation (SAX); entropy analysis

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).


Share & Cite This Article

MDPI and ACS Style

Bat-Erdene, M.; Kim, T.; Park, H.; Lee, H. Packer Detection for Multi-Layer Executables Using Entropy Analysis. Entropy 2017, 19, 125.




Entropy, EISSN 1099-4300, published by MDPI AG, Basel, Switzerland.