Detection of Metamorphic Malware Packers Using Multilayered LSTM Networks
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science. ORCID iD: 0000-0003-2015-9185
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science. Sapienza University of Rome, ITA. ORCID iD: 0000-0002-3118-5058
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
2020 (English). In: Lecture Notes in Computer Science / [ed] Weizhi Meng, Dieter Gollmann, Christian D. Jensen, and Jianying Zhou, Springer Science and Business Media Deutschland GmbH, 2020, Vol. 12282, p. 36-53. Conference paper, Published paper (Refereed)
Abstract [en]

Malware authors do their best to conceal their malicious software to increase its probability of spreading and to slow down analysis. One method used to conceal malware is packing, in which the original malware is completely hidden through compression or encryption, only to be reconstructed at run-time. In addition, packers can be metamorphic, meaning that the output of the packer will never be exactly the same, even if the same file is packed again. As the use of known off-the-shelf malware packers is declining, it is becoming increasingly more important to implement methods of detecting packed executables without having any known samples of a given packer. In this study, we evaluate the use of recurrent neural networks as a means to classify whether or not a file is packed by a metamorphic packer. We show that even with quite simple networks, it is possible to correctly distinguish packed executables from non-packed executables with an accuracy of up to 89.36% when trained on a single packer, even for samples packed by previously unseen packers. Training the network on more packers raises this number to up to 99.69%.

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2020. Vol. 12282, p. 36-53
Series
Lecture Notes in Computer Science, ISSN 0302-9743
Keywords [en]
packing, packer detection, security, static analysis, machine learning, deep learning
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-20107
DOI: 10.1007/978-3-030-61078-4_3
Scopus ID: 2-s2.0-85097650138
ISBN: 9783030610777 (print)
OAI: oai:DiVA.org:bth-20107
DiVA, id: diva2:1504603
Conference
22nd International Conference on Information and Communications Security, ICICS 2020; Online, Copenhagen; Denmark; 24 August 2020 through 26 August 2020
Note

open access 

Available from: 2020-11-29 Created: 2020-11-29 Last updated: 2021-01-04. Bibliographically approved

Open Access in DiVA

fulltext (423 kB), 1553 downloads
File information
File name: FULLTEXT01.pdf
File size: 423 kB
Checksum SHA-512: c7330c10e73aaae6406d4a8c083fb0b3009f8d63afe03fa65d6a142090004ac5352869517a0ea4a04792636a6afae062d66e2030946a4606db9f07b30af9f1f1
Type: fulltext
Mimetype: application/pdf

Authority records

Bergenholtz, Erik; Casalicchio, Emiliano; Ilie, Dragos; Moss, Andrew

Total: 1557 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 948 hits