Year: 2020
Session Number: C06
Number: C06-4
Packer Identification Method for Multi-layer Executables with k-Nearest Neighbor of Entropies
Omachi Ryuto, Yasuyuki Murakami
pp. 504-508
Publication Date:2020/10/18
Online ISSN:2188-5079
DOI:10.34385/proc.65.C06-4
Summary:
The damage caused by malware is increasing worldwide. Malware authors commonly pack their executables to hinder detection and analysis, and unpacking re-packed or multi-layer packed malware is a hard task even for professional malware analysts. Bat-Erdene et al. propose a method that identifies the packer of multi-layer packed samples using SAX. Serdar shows that, for single-layer packing, the k-nearest neighbor algorithm identifies the packer best among the following four algorithms: k-nearest neighbor, best-first decision tree, sequential minimal optimization, and naive Bayes. It is therefore reasonable to expect the k-nearest neighbor algorithm to be effective for multi-layer packed malware as well. In this paper, we propose a method that identifies the packer of multi-layer packed malware by applying the k-nearest neighbor algorithm to entropy features computed from the malware.
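The abstract names the two ingredients of the approach, an entropy analysis of the executable and k-nearest neighbor classification over the resulting features, but not how they fit together. The following is an added illustration written for this page, not the authors' code, and it makes several assumptions: the feature vector is the Shannon entropy of eight equal-size slices of the file, the "executables" are constructed byte strings in which a small byte alphabet stands in for machine code and uniformly random bytes stand in for a compressed payload, and the four "packer families" (unpacked, stub-first, stub-last, two-layer) are hypothetical layouts chosen only to show how a second packing layer changes the entropy profile. Whether the paper uses these exact features is not stated on the page.

```python
"""Packer-family identification from a per-segment entropy profile with k-NN.

Added illustration, not the paper's code. The byte alphabet, the layouts and
the packer "families" below are constructed stand-ins for real executables.
"""
import math
from collections import Counter
from random import Random
from typing import Dict, List, Sequence, Tuple

SEGMENTS = 8          # feature dimension: one entropy value per equal-size slice
SAMPLE_SIZE = 8192    # constructed "file" size; a multiple of SEGMENTS keeps slices aligned

# Constructed stand-in for machine code: 16 byte values drawn uniformly, so a
# code region lands near log2(16) = 4 bits/byte. Real code is skewed, not uniform.
CODE_ALPHABET = bytes([0x55, 0x8B, 0xEC, 0x48, 0x89, 0xE5, 0xC3, 0x90,
                       0xFF, 0x0F, 0xE8, 0x83, 0x74, 0x75, 0x33, 0x5D])

# Hypothetical layouts in eighths of the file: where the low-entropy stub, the
# high-entropy compressed payload and zero padding sit. A second packing layer
# re-compresses the first layer's stub and payload together, so nearly the whole
# file is high-entropy behind a small outer stub.
LAYOUTS: Dict[str, List[Tuple[str, int]]] = {
    "unpacked":   [("code", 5), ("zeros", 3)],
    "stub_first": [("code", 1), ("packed", 6), ("zeros", 1)],
    "stub_last":  [("packed", 6), ("code", 1), ("zeros", 1)],
    "two_layer":  [("code", 1), ("packed", 7)],
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, segments: int = SEGMENTS) -> List[float]:
    """Entropy of each of `segments` equal slices. A fixed slice count gives
    every file the same feature dimension regardless of its size."""
    seg_len = math.ceil(len(data) / segments)
    return [shannon_entropy(data[i * seg_len:(i + 1) * seg_len]) for i in range(segments)]


def synth_sample(rng: Random, layout: Sequence[Tuple[str, int]], size: int = SAMPLE_SIZE) -> bytes:
    """Constructed executable image assembled from the layout's regions."""
    unit = size // sum(n for _, n in layout)
    out = bytearray()
    for kind, n in layout:
        length = unit * n
        if kind == "code":
            out += bytes(rng.choices(CODE_ALPHABET, k=length))
        elif kind == "zeros":
            out += bytes(length)
        else:  # "packed": compressed or encrypted payload looks uniformly random
            out += bytes(rng.getrandbits(8) for _ in range(length))
    return bytes(out)


def euclidean(a: Sequence[float], b: Sequence[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_predict(train: List[Tuple[List[float], str]], query: Sequence[float], k: int = 3) -> str:
    """Majority label among the k training profiles nearest to `query`. Ties go
    to the nearer neighbour: sorted() is stable and Counter.most_common keeps
    first-seen order among equal counts."""
    nearest = sorted(train, key=lambda item: euclidean(item[0], query))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]


def build_dataset(per_class: int, seed: int) -> List[Tuple[List[float], str]]:
    """Labelled (profile, family) pairs from constructed samples of every layout."""
    rng = Random(seed)
    return [(entropy_profile(synth_sample(rng, layout)), label)
            for label, layout in LAYOUTS.items() for _ in range(per_class)]


def run_demo(k: int = 3) -> Dict[str, str]:
    """Train on samples from one seed, query one fresh sample per family from
    another seed; returns {true_family: predicted_family}."""
    train = build_dataset(per_class=5, seed=1)
    queries = build_dataset(per_class=1, seed=2)
    return {true: knn_predict(train, profile, k) for profile, true in queries}


if __name__ == "__main__":
    for label, layout in LAYOUTS.items():
        profile = entropy_profile(synth_sample(Random(0), layout))
        print(f"{label:10s}", " ".join(f"{e:4.2f}" for e in profile))
    for true, predicted in run_demo().items():
        print(f"{true:10s} -> {predicted}")
```

The point of the fixed-length profile is that files of any size map to the same feature space, which is what a distance-based classifier needs; a two-layer sample differs from a single-layer one mainly in where the low-entropy stub and padding sit, which the per-slice vector preserves and a single whole-file entropy value would not. Entropy features are also easy to evade: a packer can interleave low-entropy filler or lightly encode its payload to pull the profile toward that of unpacked code, so in practice they are one signal among several rather than a standalone verdict.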