The cost of damage caused by malware has been increasing worldwide. Malware is usually packed so that it is not detected. Identifying the packers is a hard task even for professional malware analysts, especially when the malware is multi-layer packed. In this letter, we propose a method to identify the packers of multi-layer packed malware by using the k-nearest neighbor algorithm with entropy analysis of the malware.
Ryoto OMACHI
Osaka Electro-Communication University
Yasuyuki MURAKAMI
Osaka Electro-Communication University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Ryoto OMACHI, Yasuyuki MURAKAMI, "Packer Identification Method for Multi-Layer Executables Using Entropy Analysis with k-Nearest Neighbor Algorithm" in IEICE TRANSACTIONS on Fundamentals, vol. E106-A, no. 3, pp. 355-357, March 2023, doi: 10.1587/transfun.2022CIL0002.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2022CIL0002/_p
@ARTICLE{e106-a_3_355,
author={Ryoto OMACHI and Yasuyuki MURAKAMI},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Packer Identification Method for Multi-Layer Executables Using Entropy Analysis with k-Nearest Neighbor Algorithm},
year={2023},
volume={E106-A},
number={3},
pages={355-357},
doi={10.1587/transfun.2022CIL0002},
ISSN={1745-1337},
month={March},
}