DOI: 10.1145/3440943.3444358
Short paper

XGBoost based Packer Identification study using Entry point

Published: 27 September 2021

Abstract

With the development of IT technology, the number of new and variant malware samples is rapidly increasing. Malware developers make analysis difficult by applying techniques such as packing and obfuscation. In this paper, packed-file detection and packer identification were tested using N bytes of data extracted from the entry point of the PE file as the feature. To verify the feature's performance, the XGBoost ensemble algorithm was used. As a result, packed files were detected with an accuracy of 97.45% and the packer was identified with an accuracy of 98.41%. The experiment confirmed that the feature extracted from the entry point is significant for both packed-file detection and packer identification.
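As an added example that is not part of the paper, here is a Python extractor for the entry-point feature the abstract describes: it walks the DOS, PE, COFF and optional headers, maps AddressOfEntryPoint through the section table to a file offset, and returns the first N bytes as a fixed-length vector. The sample PE image is constructed inline (not a real binary), and the zero padding and the check that the entry point is backed by on-disk section data are my assumptions, not the paper's.

```python
import struct

def entry_point_bytes(pe: bytes, n: int) -> bytes:
    """Return up to n raw file bytes at the PE entry point (AddressOfEntryPoint mapped via the section table)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]          # DOS header -> PE header offset
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                        # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                            # optional header
    if struct.unpack_from("<H", pe, opt)[0] not in (0x10B, 0x20B):   # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]     # AddressOfEntryPoint (same offset in both)
    sec_table = opt + opt_size
    for i in range(num_sections):
        hdr = sec_table + 40 * i
        _vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, hdr + 8)
        # Only raw (on-disk) data can be read; an entry inside a virtual-only region has no file bytes.
        if va <= entry_rva < va + raw_size:
            off = raw_ptr + (entry_rva - va)
            return pe[off:off + n]
    raise ValueError("entry point RVA %#x is not backed by section raw data" % entry_rva)

def entry_point_features(pe: bytes, n: int) -> list:
    """Fixed-length feature vector for a model such as XGBoost: one 0-255 value per byte, zero-padded to n."""
    return list(entry_point_bytes(pe, n).ljust(n, b"\0"))

def build_sample_pe(code: bytes, entry_rva: int = 0x1010) -> bytes:
    """Constructed minimal PE32 image for testing (headers plus two sections; not a real program)."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                 # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x14C, 2)            # Machine = i386, NumberOfSections = 2
    struct.pack_into("<H", img, 0x54, 0xE0)                 # SizeOfOptionalHeader (PE32)
    struct.pack_into("<H", img, 0x58, 0x10B)                # Magic = PE32
    struct.pack_into("<I", img, 0x68, entry_rva)            # AddressOfEntryPoint
    for i, (name, va, raw) in enumerate(((b".text", 0x1000, 0x200), (b".rdata", 0x2000, 0x400))):
        hdr = 0x138 + 40 * i                                # section table follows the optional header
        img[hdr:hdr + len(name)] = name
        struct.pack_into("<IIII", img, hdr + 8, 0x200, va, 0x200, raw)   # VirtualSize, VA, SizeOfRawData, PointerToRawData
    off = 0x200 + (entry_rva - 0x1000)                      # .text raw data starts at file offset 0x200
    img[off:off + len(code)] = code
    return bytes(img)

SAMPLE_PE = build_sample_pe(b"\x55\x8b\xec\x83\xec\x40")  # constructed 6-byte prologue at the entry point
SAMPLE_FEATURES = entry_point_features(SAMPLE_PE, 8)    # [85, 139, 236, 131, 236, 64, 0, 0]
```

Feeding `entry_point_features(pe, N)` for each labelled sample into a tabular learner is the feature pipeline the abstract evaluates; choosing N and handling unmapped entry points are left to the practitioner.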



Published In

ACM ICEA '20: Proceedings of the 2020 ACM International Conference on Intelligent Computing and its Emerging Applications
December 2020
219 pages
ISBN:9781450383042
DOI:10.1145/3440943

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Entry point
  2. Malware
  3. Packer Identification
  4. XGBoost

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Conference

ACM ICEA '20

Article Metrics

  • Total Citations: 0
  • Total Downloads: 33
  • Downloads (last 12 months): 7
  • Downloads (last 6 weeks): 0
  • Reflects downloads up to 15 Feb 2025