Abstract
A method has been proposed for identifying malicious programs that use encryption as a disguise. In this paper, a modification of the statistical spectral test based on entropy analysis has been described.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Platonov, V.V., Programmno-apparatnye sredstva zashchity informatsii (Software and Hardware Means of Information Security), Moscow: Izd. Tsentr Akademiya, 2013.
Christian Ammann Hyperion: Implementation of a PE-Crypter, 2012.
Rostovtsev, A.G. and Makhovenko, E.B., Teoreticheskaya Kriptografiya (Theoretical Cryptography), St. Petersburg: ANO NPO Professional, 2005.
Matveeva, V.S., A new way to distinguish compressed file formats from encrypted files, Probl. Inf. Bezop., Komp’yut. Sist., 2015, no. 4, pp. 131–139.
NIST SP800-22. A Statistical Test Suite for Random and Pseudorandom Number Genera tors for Cryptographic Applications, NIST, 2010, p. 131.
Deitrich, C.J., Rossow, C., Freiling, F.C., Bos, H., van Steen, M., and Pohlmann, N., On Botnets that Use DNS for Command and Control, 2011.
Author information
Authors and Affiliations
Corresponding author
Additional information
Original Russian Text © I.V. Alekseev, V.V. Platonov, 2017, published in Problemy Informatsionnoi Bezopasnosti, Komp’yuternye Sistemy.
About this article
Cite this article
Alekseev, I.V., Platonov, V.V. Detection of encrypted executable files based on entropy analysis to determine the randomness measure of byte sequences. Aut. Control Comp. Sci. 51, 915–920 (2017). https://doi.org/10.3103/S0146411617080041
Received:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0146411617080041