Please use this identifier to cite or link to this item:
https://dspace.iiti.ac.in/handle/123456789/4659
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Hubballi, Neminath | en_US |
dc.contributor.author | Dogra, Himanshu | en_US |
dc.date.accessioned | 2022-03-17T01:00:00Z | - |
dc.date.accessioned | 2022-03-17T15:35:05Z | - |
dc.date.available | 2022-03-17T01:00:00Z | - |
dc.date.available | 2022-03-17T15:35:05Z | - |
dc.date.issued | 2016 | - |
dc.identifier.citation | Hubballi, N., & Dogra, H. (2016). Detecting packed executable file: Supervised or anomaly detection method? Paper presented at the Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016, 638-643. doi:10.1109/ARES.2016.18 | en_US |
dc.identifier.isbn | 9781509009909 | - |
dc.identifier.other | EID(2-s2.0-85015302049) | - |
dc.identifier.uri | https://doi.org/10.1109/ARES.2016.18 | - |
dc.identifier.uri | https://dspace.iiti.ac.in/handle/123456789/4659 | - |
dc.description.abstract | Executable packing is an evasion technique used to propagate malware in the wild. Packing uses compression and/or encryption to thwart static analysis. Universal unpackers exist that can extract the original binary from any type of packer; however, they are computationally expensive because they rely on dynamic analysis, which requires executing the malware. A possible alternative is to use machine learning techniques to classify whether an executable is packed or not. Although supervised machine learning methods are good at learning packer-specific features, they require collecting data from each packer and extracting features specific to it, which may not be practically feasible. In this paper we propose a semi-supervised technique and an anomaly-based detection method to identify packed executable files. In the semi-supervised method, we measure the distance between representatives generated from packed and non-packed binary training data and estimate the class of a test executable from its nearest representative. In the anomaly detection method, we generate a representative cluster from known non-packed samples, find the radius of the cluster, and compare the distance of a test executable with that radius to decide whether it is normal or packed. We experiment with a few distance measures and report the detection performance of these methods on two datasets. © 2016 IEEE. | en_US |
dc.language.iso | en | en_US |
dc.publisher | Institute of Electrical and Electronics Engineers Inc. | en_US |
dc.source | Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016 | en_US |
dc.subject | Artificial intelligence | en_US |
dc.subject | Bins | en_US |
dc.subject | Computer crime | en_US |
dc.subject | Cryptography | en_US |
dc.subject | Malware | en_US |
dc.subject | Packers | en_US |
dc.subject | Signal detection | en_US |
dc.subject | Static analysis | en_US |
dc.subject | Supervised learning | en_US |
dc.subject | Anomaly based detection | en_US |
dc.subject | Anomaly detection | en_US |
dc.subject | Anomaly detection methods | en_US |
dc.subject | Detection performance | en_US |
dc.subject | Extracting features | en_US |
dc.subject | Machine learning techniques | en_US |
dc.subject | Semi-supervised method | en_US |
dc.subject | Supervised machine learning | en_US |
dc.subject | Learning systems | en_US |
dc.title | Detecting packed executable file: Supervised or anomaly detection method? | en_US |
dc.type | Conference Paper | en_US |
Appears in Collections: | Department of Computer Science and Engineering |
Files in This Item:
There are no files associated with this item.