Packer Detection for Multi-Layer Executables Using Entropy Analysis
Abstract

Packing algorithms are broadly used to evade anti-malware systems, and the proportion of packed malware has been growing rapidly. However, only a few studies have been conducted on detecting various types of packing algorithms in a systematic way. Following this understanding, we elaborate a method to classify the packing algorithm of a given executable into one of three categories: single-layer packing, re-packing, or multi-layer packing. We convert entropy values of the executable file loaded into memory into symbolic representations using SAX (Symbolic Aggregate Approximation). Based on experiments on 2196 programs and 19 packing algorithms, we find that the precision (97.7%), accuracy (97.5%), and recall (96.8%) of our method are high enough to confirm that entropy analysis is applicable to identifying packing algorithms.
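The pipeline the abstract describes, entropy of the in-memory image sampled while the program unpacks and then symbolised with SAX, as an added example that is not the authors' code: the 4096-byte snapshot, the 4-symbol alphabet, the simulated unpacking traces and the drop-counting heuristic for distinguishing single-layer from multi-layer unpacking are assumptions, and the snapshots are constructed, not produced by a real packer.

```python
import math
import random
from collections import Counter

# Gaussian breakpoints for SAX alphabets of size 3..5 (from the original SAX paper).
SAX_BREAKPOINTS = {3: [-0.43, 0.43], 4: [-0.67, 0.0, 0.67], 5: [-0.84, -0.25, 0.25, 0.84]}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sax(series, segments: int, alphabet: str = "abcd") -> str:
    """Z-normalise a series, reduce it to `segments` PAA means, map each mean to a symbol."""
    n = len(series)
    mean = sum(series) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in series) / n)
    norm = [(x - mean) / std if std > 1e-9 else 0.0 for x in series]
    paa = [sum(norm[s * n // segments:(s + 1) * n // segments]) /
           ((s + 1) * n // segments - s * n // segments) for s in range(segments)]
    bps = SAX_BREAKPOINTS[len(alphabet)]
    return "".join(alphabet[sum(1 for b in bps if v > b)] for v in paa)


def snapshot(rng: random.Random, unpacked_frac: float, size: int = 4096) -> bytes:
    """Constructed memory image (assumption, not a real packer): a low-entropy
    'unpacked code' prefix followed by high-entropy 'still packed' bytes."""
    n_clear = int(size * unpacked_frac)
    clear = (b"\x55\x89\xe5\x90" * (n_clear // 4 + 1))[:n_clear]
    return clear + bytes(rng.randrange(256) for _ in range(size - n_clear))


def unpack_profile(fractions, segments: int, seed: int = 1) -> str:
    """Entropy of each snapshot taken while the simulated program unpacks, as a SAX word."""
    rng = random.Random(seed)
    return sax([shannon_entropy(snapshot(rng, f)) for f in fractions], segments)


def unpack_events(word: str, alphabet: str = "abcd") -> int:
    """Heuristic: count high-to-low drops in a SAX word; each drop is one unpacking stage."""
    half = len(alphabet) // 2
    return sum(1 for x, y in zip(word, word[1:])
               if alphabet.index(x) >= half > alphabet.index(y))


if __name__ == "__main__":
    single = unpack_profile([0, 0, 0, 0, 1, 1, 1, 1], segments=4)  # one layer removed
    multi = unpack_profile([0, 0, 1, 1, 0, 0, 1, 1], segments=4)   # second layer appears after the first
    print(single, unpack_events(single))  # ddaa 1
    print(multi, unpack_events(multi))    # dada 2
```

A single-layer packer yields one high-to-low entropy drop (`ddaa`), while a multi-layer or re-packed sample shows the entropy rise again before dropping (`dada`), which is the pattern the symbolic representation makes easy to count.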
Cite This Article

MDPI and ACS Style: Bat-Erdene, M.; Kim, T.; Park, H.; Lee, H. Packer Detection for Multi-Layer Executables Using Entropy Analysis. Entropy 2017, 19, 125.

AMA Style: Bat-Erdene M, Kim T, Park H, Lee H. Packer Detection for Multi-Layer Executables Using Entropy Analysis. Entropy. 2017; 19(3):125.

Chicago/Turabian Style: Bat-Erdene, Munkhbayar; Kim, Taebeom; Park, Hyundo; Lee, Heejo. 2017. "Packer Detection for Multi-Layer Executables Using Entropy Analysis." Entropy 19, no. 3: 125.