Abstract
Most malware employs packing technology to escape detection; thus, packer identification has become increasingly important in malware detection. To improve the accuracy of packer identification, this article analyses the differences in the function call graph (FCG) and file attributes between the non-packed executable files and the executable files packed by different packers, and further proposes a 2-stage packer i dentification method based on FCG and file attributes (2-SPIFF). In 2-SPIFF, the detection model of stage I distinguishes non-packed executable files from packed executable files based on the graph features extracted from the FCG, while the identification model of stage II identifies the packer used for packing the original executable file by using the concatenated features extracted from the FCG and file attributes. The experimental results show that 2-SPIFF can achieve an accuracy of 99.80% for packer detection and an accuracy of 98.49% for packer identification.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
